#3203 closed task (wontfix)
Need to check Sugar for places where we might break on invalid data from the outside
| Reported by: | sascha_silbe | Owned by: | sascha_silbe |
|---|---|---|---|
| Priority: | Unspecified by Maintainer | Milestone: | |
| Component: | Sugar | Version: | Git as of bugdate |
| Severity: | Major | Keywords: | |
| Cc: | Distribution/OS: | ||
| Bug Status: | New |
Description
#3200 has shown that we need to be careful about any data we get passed from the outside, e.g. via activity bundles. Invalid data from the outside - regardless whether it's because of user (developer) mistake, corrupted files or even outright malice - should not be be able to impact regular Sugar operation. We need to audit all places where we handle data from the outside and check for potential breakage.
Hardening e.g. sugar-toolkit against broken icons doesn't help:
- If a system icon is broken, we'll want to know that.
- Different parts of the system will want to take different actions (e.g. different default icons) for invalid data.
Change History (7)
comment:1 Changed 12 years ago by sascha_silbe
comment:2 Changed 12 years ago by erikos
The olpc activity updater is affected by a broken activity icon as well, and is unusable. But you can quit it in a normal manner.
comment:3 Changed 12 years ago by erikos
- Milestone changed from Unspecified by Release Team to 0.96
- Owner set to sascha_silbe
- Status changed from new to assigned
Assigning this to Sascha so it has an owner and setting the milestone.
comment:4 Changed 11 years ago by sascha_silbe
- Milestone changed from 0.96 to 0.98
comment:5 Changed 11 years ago by godiard
- Milestone changed from 0.98 to 1.0
comment:6 Changed 10 years ago by dnarvaez
- Resolution set to wontfix
- Status changed from assigned to closed
I really think this bug is too generic to be of any use. It applies to any piece of software. I don't see anyone having the time to do a full audit, feel free to do that yourself and post tickets for the issues you find.
Known places that need to be fixed: