From a quick review, the changes to "torrent.cpp" are to stop arbitrary path overwrites, and the other changes are to protect against heap corruption. I haven't studied the code paths too much, but it feels like a very dedicated attacker could manage to get arbitrary code execution.
(from 91172, now dup'd)
http:// websvn. kde.org/ ?view=rev& revision= 640661
From a quick review, the changes to "torrent.cpp" are to stop arbitrary path overwrites, and the other changes are to protect against heap corruption. I haven't studied the code paths too much, but it feels like a very dedicated attacker could manage to get arbitrary code execution.