Build hardening:
- Add -fstack-protector-strong, -D_FORTIFY_SOURCE=2, PIE, full RELRO
- Enable overflow-checks in Rust release profile

Rust backend:
- Return null (not panic) if Tokio runtime or QobuzClient init fails
- Strip null bytes in FFI JSON callback to prevent CString panics
- Document MD5 and password-in-query as Qobuz API constraints

C++ frontend:
- Validate JSON document before accessing fields in onEvent()
- Handle null backend pointer from failed init
- Set biography label to PlainText and decode HTML entities to prevent
  rendering injected content from API responses
- Clamp slider position and guard negative durations
- Use qint64 for duration formatting to avoid int truncation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
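
The two Rust backend items in the message above (return null on failed init, strip NUL bytes before building a C string) sketched as an added example; this is not the project's code. `Backend`, `try_init`, `backend_new_demo`, `backend_free_demo` and `json_to_cstring` are hypothetical names, and the init failure is simulated with a flag.

```rust
use std::ffi::CString;

/// Hypothetical backend handle handed to the C++ frontend as an opaque pointer.
pub struct Backend {
    pub ready: bool,
}

/// Stand-in for runtime/client setup (assumption: failure is simulated by a flag).
fn try_init(simulate_failure: bool) -> Result<Backend, String> {
    if simulate_failure {
        Err("init failed".to_string())
    } else {
        Ok(Backend { ready: true })
    }
}

/// Constructor exposed over FFI: a failed init becomes a null pointer the
/// caller must check, instead of a panic unwinding toward the C++ side.
pub extern "C" fn backend_new_demo(simulate_failure: bool) -> *mut Backend {
    match try_init(simulate_failure) {
        Ok(backend) => Box::into_raw(Box::new(backend)),
        Err(_) => std::ptr::null_mut(),
    }
}

/// Matching destructor; tolerates the null returned by a failed init.
pub extern "C" fn backend_free_demo(ptr: *mut Backend) {
    if !ptr.is_null() {
        // Safety: a non-null ptr came from Box::into_raw in backend_new_demo.
        unsafe { drop(Box::from_raw(ptr)) };
    }
}

/// Build the C string passed to a JSON callback without panicking.
/// CString::new returns Err on an interior NUL byte, so unwrap() on
/// API-derived text would panic; strip NULs and retry instead.
pub fn json_to_cstring(json: &str) -> CString {
    CString::new(json).unwrap_or_else(|_| {
        let cleaned: Vec<u8> = json.bytes().filter(|b| *b != 0).collect();
        CString::new(cleaned).unwrap_or_default()
    })
}

fn main() {
    // Constructed sample payload with an embedded NUL byte.
    let c = json_to_cstring("{\"bio\":\"x\0y\"}");
    println!("{:?}", c);
    println!("null on failure: {}", backend_new_demo(true).is_null());
}
```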