authorMårten Nordheim <marten.nordheim@qt.io>2020-12-03 15:08:52 +0100
committerMårten Nordheim <marten.nordheim@qt.io>2020-12-04 11:22:38 +0100
commit710886fbdd993c3a618ea8bc8b59fbb3e18cfbf0 (patch)
tree57e7c300396f46148adaa7910ca93ef3d5a357ba /src/network
parent47923f7d4766a3b8943d292798b5b7e8792e598c (diff)
QSocks5SocketEngine: fix reference to dangling data
Following a41c61fb2d2f973fd1cd5e95ee5be1ac1a4f8433 QIODevice may try to copy the QByteArray itself (rather than the data it points to). This can lead to referencing dangling data when the QByteArray is initialized with raw data. Pick-to: 6.0 Change-Id: I481695b33f251f750ef482d72b81636f0d4bf462 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/network')
-rw-r--r--src/network/socket/qsocks5socketengine.cpp6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/network/socket/qsocks5socketengine.cpp b/src/network/socket/qsocks5socketengine.cpp
index a88931f707..339116d402 100644
--- a/src/network/socket/qsocks5socketengine.cpp
+++ b/src/network/socket/qsocks5socketengine.cpp
@@ -1525,8 +1525,12 @@ qint64 QSocks5SocketEngine::write(const char *data, qint64 len)
if (!d->data->authenticator->seal(buf, &sealedBuf)) {
// ### Handle this error.
}
+ // We pass pointer and size because 'sealedBuf' is (most definitely) raw data:
+ // QIODevice might have to cache the byte array if the socket cannot write the data.
+ // If the _whole_ array needs to be cached then it would simply store a copy of the
+ // array whose data will go out of scope and be deallocated before it can be used.
+ qint64 written = d->data->controlSocket->write(sealedBuf.constData(), sealedBuf.size());
- qint64 written = d->data->controlSocket->write(sealedBuf);
if (written <= 0) {
QSOCKS5_Q_DEBUG << "native write returned" << written;
return written;
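Review bot: The `seal()` failure branch just above the new write is still empty (`// ### Handle this error.`), so when sealing fails the added `controlSocket->write(sealedBuf.constData(), sealedBuf.size())` still sends whatever `sealedBuf` holds at that point. For an authenticator that wraps the payload, that presumably means empty, partial or unprotected bytes going out on the control socket. Failing closed is safer, e.g. `if (!d->data->authenticator->seal(buf, &sealedBuf)) return -1;`, together with whatever error state the engine normally sets. The new comment could also say where the raw data comes from instead of "(most definitely)", so that the pointer-and-size call is not later simplified back to `write(sealedBuf)`. The body of `QSocks5SocketEngine::write` starts and ends outside this hunk, so the declarations of `buf` and `sealedBuf` are not visible here.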