You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As pointed out in #2195 (review), we incorrectly use Strings in the SIP crate in places where an OsString or a Vec<u8> would be appropriate.
I think if we do everything correctly, no error handling should be needed for string conversions, and also nothing like to_string_lossy.
There isn't any known issue caused by this yet, but it might be possible to construct an example where this incorrect handling would lead to SIP-sidestepping not working, maybe with some special characters or encoding in file paths or script shebangs.
The text was updated successfully, but these errors were encountered:
Is there any reason we would need to use OsString instead of keeping everything as PathBuf? They do things like handle trailing slashes which is currently done manually
Is PathBuf not just a wrapper around OsString? Keeping everything as Path is still using the underlying OsString but with the guarantee that it's always producing a valid path
As pointed out in #2195 (review), we incorrectly use Strings in the SIP crate in places where an
OsString
or aVec<u8>
would be appropriate.I think if we do everything correctly, no error handling should be needed for string conversions, and also nothing like
to_string_lossy
.There isn't any known issue caused by this yet, but it might be possible to construct an example where this incorrect handling would lead to SIP-sidestepping not working, maybe with some special characters or encoding in file paths or script shebangs.
The text was updated successfully, but these errors were encountered: