diff options
author | Maurice Kalinowski <maurice.kalinowski@theqtcompany.com> | 2016-01-20 11:26:19 +0100 |
---|---|---|
committer | Maurice Kalinowski <maurice.kalinowski@theqtcompany.com> | 2016-01-21 05:53:45 +0000 |
commit | 1f9a06c2949cd206235e75d20d0183fee927cb3e (patch) | |
tree | c7c31fab20d4ad550a3bd014a2ceeb18bb4060bd /src | |
parent | f05c597ae506ea6163394dbb6b70ecc77fae3b3c (diff) |
winrt: Fix potential crash in readDatagram
The native socket engine used strcpy for WinRT, which tries to copy
terminating null character. The QSocketNotifier::async_readDatagramSlot
autotest uses a buffer of size 1, which causes readDatagram to overwrite
the buffer on the stack.
Hence use memcpy instead to protect from additional copies beyond
barriers. Note that we cannot use qstrcpy as that does a buf[size-1] =
'\0' at the end, which would remove content for a buf size of 1.
Change-Id: I20baf9e63646cd28c1c954a20b8ae9c7d5873c31
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/network/socket/qnativesocketengine_winrt.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/network/socket/qnativesocketengine_winrt.cpp b/src/network/socket/qnativesocketengine_winrt.cpp index 1c68b28784..35b7d5474b 100644 --- a/src/network/socket/qnativesocketengine_winrt.cpp +++ b/src/network/socket/qnativesocketengine_winrt.cpp @@ -578,7 +578,7 @@ qint64 QNativeSocketEngine::readDatagram(char *data, qint64 maxlen, QIpPacketHea } else { readOrigin = datagram.data; } - strcpy(data, readOrigin); + memcpy(data, readOrigin, qMin(maxlen, qint64(datagram.data.length()))); return readOrigin.length(); } |