Bug 674848 - Crash if you paste long malformed url
Status: RESOLVED FIXED
Product: epiphany
Classification: Core
Component: [obsolete] URL bar
Version: 3.4.x (obsolete)
Hardware/OS: Other Linux
Importance: Normal critical
Target Milestone: ---
Assigned To: Claudio Saavedra
QA Contact: Epiphany Maintainers
Depends on:
Blocks:
Reported: 2012-04-26 07:46 UTC by jakob.gillich
Modified: 2012-05-08 09:52 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Example File (51.06 KB, text/html), 2012-04-26 07:46 UTC, jakob.gillich
ephy-history-service: trim query strings to avoid reaching sqlite limit (5.40 KB, patch), 2012-04-27 13:31 UTC, Claudio Saavedra, reviewed
ephy-history-service: trim query strings to avoid reaching sqlite limit (4.73 KB, patch), 2012-05-02 14:45 UTC, Claudio Saavedra, committed

Description jakob.gillich 2012-04-26 07:46:15 UTC
Created attachment 212853 [details]
Example File

OS: Fedora 17 x86_64 up-to-date Beta & Epiphany 3.4.1

Title says it all. If you paste a malformed URL into the URL bar, Epiphany will crash.

How to reproduce
1. Open the attachment with Epiphany
2. Right click on the icon that indicates that the image failed to load and copy the URL
3. Paste the URL into the URL bar and Epiphany will crash
Comment 1 Claudio Saavedra 2012-04-27 13:31:48 UTC
Created attachment 212964 [details] [review]
ephy-history-service: trim query strings to avoid reaching sqlite limit

Sqlite limits the length of a LIKE pattern to 50000 bytes, therefore
we need to make sure that longer strings are not used as queries.
Comment 2 Xan Lopez 2012-04-30 09:20:13 UTC
Review of attachment 212964 [details] [review]:

Sure, makes sense, but I think you could make a small helper method to get the prefix plus the % stuff, since you do this three times in different places.
Comment 3 Claudio Saavedra 2012-04-30 09:23:48 UTC
Orthogonal to the bug fix... in a similar fashion there are other steps from the query construction that could be factored out, but since the queries are not exactly the same I'm afraid it would only make it more confusing.
Comment 4 Xan Lopez 2012-04-30 09:40:31 UTC
(In reply to comment #3)
> Orthogonal to the bug fix... in a similar fashion there are other steps from the
> query construction that could be factored out, but since the queries are not
> exactly the same I'm afraid it would only make it more confusing.

I think it will make the patch much simpler, really. You can just replace each:

-    char *string = g_strdup_printf ("%%%s%%", (char*)substring->data);

with a 

+  char *string = ephy_create_query_string ("%%%s%%", (char*)substring->data)

which does the 50k prefix thing and then prints to a string that it returns. One method defined, and then the diff in each file is one liner.
Comment 5 Claudio Saavedra 2012-04-30 10:29:45 UTC
Notice that the 50000 limit only applies to LIKE parameters, not to any query string. Therefore, we can avoid passing the "%%s%%" as a parameter, granted that we don't use LIKE constructs in any other way in the future (I doubt we will ever need to).
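Comments 1 and 5 describe the fix: the 50000-byte figure is SQLite's compile-time default SQLITE_MAX_LIKE_PATTERN_LENGTH, enforced only on the pattern argument of LIKE, so the substring must be trimmed before the "%...%" pattern is built. The following is an added Python example, not Epiphany's own (C) code; it runs the same trimming against a constructed in-memory table, showing the untrimmed pattern being rejected by SQLite and the trimmed one succeeding.

```python
import sqlite3

# SQLite's compile-time default SQLITE_MAX_LIKE_PATTERN_LENGTH, in bytes.
# likeFunc() rejects any longer pattern with "LIKE or GLOB pattern too complex".
SQLITE_LIKE_PATTERN_LIMIT = 50000


def make_like_pattern(substring, limit=SQLITE_LIKE_PATTERN_LIMIT):
    """Build the '%substring%' pattern used for history search, trimming
    the substring so the whole pattern fits the byte limit.  Trimming is
    done on the UTF-8 encoding (SQLite counts bytes, not characters); a
    multi-byte character cut by the trim is dropped rather than kept broken."""
    budget = limit - 2                      # room for the two '%' wildcards
    raw = substring.encode("utf-8")
    if len(raw) > budget:
        substring = raw[:budget].decode("utf-8", errors="ignore")
    return "%" + substring + "%"


def search_history(pattern):
    """Run the LIKE query against a constructed in-memory 'urls' table (a
    stand-in for ephy-history-service's database) and return the matches."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT)")
    conn.executemany("INSERT INTO urls (url) VALUES (?)",
                     [("https://example.org/index.html",),
                      ("https://example.org/" + "a" * 60000,)])  # constructed oversized URL
    try:
        return conn.execute("SELECT url FROM urls WHERE url LIKE ?",
                            (pattern,)).fetchall()
    finally:
        conn.close()


def like_pattern_rejected(pattern):
    """True if SQLite refuses the pattern: the failure behind this bug."""
    try:
        search_history(pattern)
    except sqlite3.OperationalError as err:
        return "pattern too complex" in str(err)
    return False


if __name__ == "__main__":
    pasted = "a" * 60000                    # constructed oversized paste
    print("untrimmed rejected:", like_pattern_rejected("%" + pasted + "%"))
    trimmed = make_like_pattern(pasted)
    print("trimmed pattern bytes:", len(trimmed.encode("utf-8")))
    print("trimmed matches:", len(search_history(trimmed)))
```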
Comment 6 Claudio Saavedra 2012-05-02 14:45:15 UTC
Created attachment 213296 [details] [review]
ephy-history-service: trim query strings to avoid reaching sqlite limit

Sqlite limits the length of a LIKE pattern to 50000 bytes, therefore
we need to make sure that longer strings are not used as queries.
Comment 7 Xan Lopez 2012-05-08 08:26:32 UTC
Review of attachment 213296 [details] [review]:

I'd make the parameter const char* and get rid of the casts everywhere. Looks great otherwise. Can go to both branches.
Comment 8 Claudio Saavedra 2012-05-08 09:52:53 UTC
Attachment 213296 [details] pushed as 936e759 - ephy-history-service: trim query strings to avoid reaching sqlite limit