Don't read unlimited data from files

It now guards against reading infinite files such as `/dev/zero`. And most readings are bound with a (lax) limit. As a side effect, more checking are done when reading a file and overall the reading procedure is more robust. PR #19095.
2025-07-14 01:03:08 -07:00 · 2023-06-14 13:38:19 +08:00 · 2023-06-14 13:38:19 +08:00 · 79ca2e145f
commit 79ca2e145f
parent 81bc910d68
24 changed files with 370 additions and 199 deletions
--- a/src/base/rss/feed_serializer.cpp
+++ b/src/base/rss/feed_serializer.cpp
@ -31,7 +31,6 @@

 #include "feed_serializer.h"

-#include <QFile>
 #include <QJsonArray>
 #include <QJsonDocument>
 #include <QJsonObject>
@ -46,23 +45,21 @@ const int ARTICLEDATALIST_TYPEID = qRegisterMetaType<QVector<QVariantHash>>();

 void RSS::Private::FeedSerializer::load(const Path &dataFileName, const QString &url)
 {
-    QFile file {dataFileName.data()};
+    const int fileMaxSize = 10 * 1024 * 1024;
+    const auto readResult = Utils::IO::readFile(dataFileName, fileMaxSize);
+    if (!readResult)
+    {
+        if (readResult.error().status == Utils::IO::ReadError::NotExist)
+        {
+            emit loadingFinished({});
+            return;
+        }

-    if (!file.exists())
-    {
-        emit loadingFinished({});
-    }
-    else if (file.open(QFile::ReadOnly))
-    {
-        emit loadingFinished(loadArticles(file.readAll(), url));
-        file.close();
-    }
-    else
-    {
-        LogMsg(tr("Couldn't read RSS Session data from %1. Error: %2")
-               .arg(dataFileName.toString(), file.errorString())
-               , Log::WARNING);
+        LogMsg(tr("Failed to read RSS session data. %1").arg(readResult.error().message), Log::WARNING);
+        return;
    }
+
+    emit loadingFinished(loadArticles(readResult.value(), url));
 }

 void RSS::Private::FeedSerializer::store(const Path &dataFileName, const QVector<QVariantHash> &articlesData)