1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

winrt: Fix potential crash in readDatagram

Browse Source 
The native socket engine used strcpy for WinRT, which tries to copy
terminating null character. The QSocketNotifier::async_readDatagramSlot
autotest uses a buffer of size 1, which causes readDatagram to overwrite
the buffer on the stack.

Hence use memcpy instead to protect from additional copies beyond
barriers. Note that we cannot use qstrcpy as that does a buf[size-1] =
'\0' at the end, which would remove content for a buf size of 1.

Change-Id: I20baf9e63646cd28c1c954a20b8ae9c7d5873c31
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
This commit is contained in:
Maurice Kalinowski 2016-01-20 11:26:19 +01:00
parent f05c597ae5
commit 1f9a06c294
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/network/socket/qnativesocketengine_winrt.cpp
View File

@ -578,7 +578,7 @@ qint64 QNativeSocketEngine::readDatagram(char *data, qint64 maxlen, QIpPacketHea
} else {
readOrigin = datagram.data;
}
strcpy(data, readOrigin);
memcpy(data, readOrigin, qMin(maxlen, qint64(datagram.data.length())));
return readOrigin.length();
}