Don't read past the end of the device when parsing tracing data

As the tracing data has its own length field, we need to check that against the device's bytesAvailable() separately. Change-Id: I9e6ed96967b0864f69dc8b1a01e7171589d2701f Reviewed-by: Christian Kandeler <christian.kandeler@qt.io>
author: Ulf Hermann <ulf.hermann@qt.io> 2018-04-20 12:00:36 +0200
committer: Ulf Hermann <ulf.hermann@qt.io> 2018-04-20 12:34:36 +0000
commit: 418734b9f4baaaadd289b6379701912e864330da (patch)
tree: d190ff49ea1e74f7e46c717d9882b3888a1f1506
parent: 3ed8a60b09ebb423fe7d9391a2f59ff834d713ff (diff)
3 files changed, 17 insertions, 9 deletions
diff --git a/app/perfdata.cpp b/app/perfdata.cpp
index ce67043..f9407f6 100644
--- a/app/perfdata.cpp
+++ b/app/perfdata.cpp
@@ -147,15 +147,20 @@ PerfData::ReadStatus PerfData::processEvents(QDataStream &stream)
         if (contentSize == 4) {
             // The content is actually another 4 byte integer,
             // describing the size of the real content that follows.
-            PerfTracingData tracing;
-            quint32 size;
-            stream >> size;
-            tracing.setSize(size);
-            stream >> tracing;
-            m_destination->tracing(tracing);
+            if (m_tracingData.size() == 0) {
+                quint32 size;
+                stream >> size;
+                m_tracingData.setSize(size);
+            }
+            if (stream.device()->bytesAvailable() >= m_tracingData.size()) {
+                stream >> m_tracingData;
+                m_destination->tracing(m_tracingData);
+                m_tracingData = PerfTracingData();
+            } else {
+                return Rerun;
+            }
         } else {
-            // Maybe someone with a brain will fix this eventually ...
-            // then we'll hit this branch.
+            // contentSize is only 16bit. The tracing data frequently exceeds 2^16 bytes.
             qWarning() << "HEADER_TRACING_DATA with unexpected contentSize" << contentSize;
             stream.skipRawData(contentSize);
         }
diff --git a/app/perfdata.h b/app/perfdata.h
index 13d31a0..7daf794 100644
--- a/app/perfdata.h
+++ b/app/perfdata.h
@@ -488,6 +488,7 @@ private:
     const PerfHeader *m_header;
     PerfAttributes *m_attributes;
     PerfEventHeader m_eventHeader;
+    PerfTracingData m_tracingData;
 
     ReadStatus processEvents(QDataStream &stream);
     ReadStatus doRead();
diff --git a/app/perftracingdata.cpp b/app/perftracingdata.cpp
index c58eb99..a50069e 100644
--- a/app/perftracingdata.cpp
+++ b/app/perftracingdata.cpp
@@ -242,8 +242,10 @@ bool PerfTracingData::readEventFormats(QDataStream &stream, const QByteArray &sy
             }
         }
 
-        if (!seenId)
+        if (!seenId) {
+            qWarning() << "No ID seen in event format";
             return false;
+        }
 
         m_eventFormats[id] = event;
     }
author	Ulf Hermann <ulf.hermann@qt.io>	2018-04-20 12:00:36 +0200
committer	Ulf Hermann <ulf.hermann@qt.io>	2018-04-20 12:34:36 +0000
commit	418734b9f4baaaadd289b6379701912e864330da (patch)
tree	d190ff49ea1e74f7e46c717d9882b3888a1f1506
parent	3ed8a60b09ebb423fe7d9391a2f59ff834d713ff (diff)