Comment 2 for bug 91174

(from 91172, now dup'd)

http://websvn.kde.org/?view=rev&revision=640661

From a quick review, the changes to "torrent.cpp" are to stop arbitrary path overwrites, and the other changes are to protect against heap corruption. I haven't studied the code paths too much, but it feels like a very dedicated attacker could manage to get arbitrary code execution.