diff options
author | Alex Trotsenko <alex1973tr@gmail.com> | 2017-04-28 18:36:04 +0300 |
---|---|---|
committer | Alex Trotsenko <alex1973tr@gmail.com> | 2017-05-02 05:21:29 +0000 |
commit | 91c1b5490e63705b5418ffbae539ff70dbdfe334 (patch) | |
tree | 2ebb0a87d8f41a1c892ecf0e4b8446533880deaa | |
parent | 68df0576dda6bffebdea6bb5e4067ff8e3b21cd0 (diff) |
QWindowsPipeReader: fix possible invalid invocation of ReadFileEx()
If the user calls QLocalSocket::setReadBufferSize() with a value less
than the current size of the pipe buffer, startAsyncRead() would call
ReadFileEx() with invalid parameters:
ReadFileEx(handle, nullptr, some_big_value, ...);
Change-Id: I3d153e3ec34f8038dc001c1c896aeceb666a8979
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
-rw-r--r-- | src/corelib/io/qwindowspipereader.cpp | 4 | ||||
-rw-r--r-- | tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp | 12 |
2 files changed, 14 insertions, 2 deletions
diff --git a/src/corelib/io/qwindowspipereader.cpp b/src/corelib/io/qwindowspipereader.cpp index b8df8e8084..827ed43b63 100644 --- a/src/corelib/io/qwindowspipereader.cpp +++ b/src/corelib/io/qwindowspipereader.cpp @@ -215,13 +215,13 @@ void QWindowsPipeReader::notified(DWORD errorCode, DWORD numberOfBytesRead) void QWindowsPipeReader::startAsyncRead() { const DWORD minReadBufferSize = 4096; - DWORD bytesToRead = qMax(checkPipeState(), minReadBufferSize); + qint64 bytesToRead = qMax(checkPipeState(), minReadBufferSize); if (pipeBroken) return; if (readBufferMaxSize && bytesToRead > (readBufferMaxSize - readBuffer.size())) { bytesToRead = readBufferMaxSize - readBuffer.size(); - if (bytesToRead == 0) { + if (bytesToRead <= 0) { // Buffer is full. User must read data from the buffer // before we can read more from the pipe. return; diff --git a/tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp b/tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp index a74a056d91..60ee4eb471 100644 --- a/tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp +++ b/tests/auto/network/socket/qlocalsocket/tst_qlocalsocket.cpp @@ -625,6 +625,18 @@ void tst_QLocalSocket::readBufferOverflow() QCOMPARE(client.read(buffer, readBufferSize), qint64(readBufferSize)); // no more bytes available QCOMPARE(client.bytesAvailable(), 0); + +#ifdef Q_OS_WIN + // Test overflow caused by an asynchronous pipe operation. + client.setReadBufferSize(1); + serverSocket->write(buffer, 2); + + QVERIFY(client.waitForReadyRead()); + // socket disconnects, if there any error on pipe + QCOMPARE(client.state(), QLocalSocket::ConnectedState); + QCOMPARE(client.bytesAvailable(), qint64(2)); + QCOMPARE(client.read(buffer, 2), qint64(2)); +#endif } static qint64 writeCommand(const QVariant &command, QIODevice *device, int commandCounter) |