Ubuntu
sni-qt package

  1. Bug #874447
  2. Comment #4

Comment 4 for bug 874447

Revision history for this message
Aurélien Gâteau (agateau) wrote : Re: Unsafe m_iconCacheDir handling may result in deletion of home directory

I made some real world testing of that issue with a test user by starting clementine as:

  TMPDIR=/ clementine

It turns out it does not rm the whole home directory: in recursiveRm(), the line dir.rmdir(dir.path()) fails because it calls the C function rmdir() with twice the path: if dir.path() is "./foo/bar", rmdir() is called with "./foo/bar/./foo/bar" which fails (this is visible when running the application with strace). At this point the recursive removal is stopped.

It is still a serious issue as it will remove all files it finds until it tries to backtrack in the tree. Luckily the algorithm is depth-first, if the hierarchy looks like this:

* a1.file
* a2/
** b1.file
** b2.file
** b3/
*** c1.file
*** c2.file
*** c3.file
** b4/
*** c4.file
*** c5.file
*** c6.file
** b5.file
* a3/
* a4.file
* a5/

Assuming the files are returned in the listed order, recursiveRm() will:
- delete a1.file
- go into a2/
- delete a2/b1.file and a2/b2.file
- go into a2/b3/
- delete c1.file, c2.file and c3.file
- try to rmdir a2/b3 but will fail because it will call rmdir("a2/b3/a2/b3")
- stops there

I am preparing a debdiff for an SRU