Joren/qobuz-qt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: security hardening and code quality improvements

Browse Source 
Build hardening:
- Add -fstack-protector-strong, -D_FORTIFY_SOURCE=2, PIE, full RELRO
- Enable overflow-checks in Rust release profile

Rust backend:
- Return null (not panic) if Tokio runtime or QobuzClient init fails
- Strip null bytes in FFI JSON callback to prevent CString panics
- Document MD5 and password-in-query as Qobuz API constraints

C++ frontend:
- Validate JSON document before accessing fields in onEvent()
- Handle null backend pointer from failed init
- Set biography label to PlainText and decode HTML entities to prevent
  rendering injected content from API responses
- Clamp slider position and guard negative durations
- Use qint64 for duration formatting to avoid int truncation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
joren
2026-03-24 23:19:04 +01:00
parent eb5c151d3a
commit 5bda2396d1
8 changed files with 51 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/model/tracklistmodel.cpp
View File

@@ -294,7 +294,8 @@ void TrackListModel::sort(int column, Qt::SortOrder order)
QString TrackListModel::formatDuration(qint64 secs)
{
const int m = static_cast<int>(secs / 60);
const int s = static_cast<int>(secs % 60);
if (secs < 0) secs = 0;
const qint64 m = secs / 60;
const qint64 s = secs % 60;
return QStringLiteral("%1:%2").arg(m).arg(s, 2, 10, QLatin1Char('0'));
}