fix: security hardening and code quality improvements
Build hardening: - Add -fstack-protector-strong, -D_FORTIFY_SOURCE=2, PIE, full RELRO - Enable overflow-checks in Rust release profile Rust backend: - Return null (not panic) if Tokio runtime or QobuzClient init fails - Strip null bytes in FFI JSON callback to prevent CString panics - Document MD5 and password-in-query as Qobuz API constraints C++ frontend: - Validate JSON document before accessing fields in onEvent() - Handle null backend pointer from failed init - Set biography label to PlainText and decode HTML entities to prevent rendering injected content from API responses - Clamp slider position and guard negative durations - Use qint64 for duration formatting to avoid int truncation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
joren
@@ -31,3 +31,4 @@ toml = "0.8"
|
||||
[profile.release]
|
||||
lto = "thin"
|
||||
opt-level = 3
|
||||
overflow-checks = true
|
||||
|
||||
Reference in New Issue
Block a user