From 1f9a06c2949cd206235e75d20d0183fee927cb3e Mon Sep 17 00:00:00 2001
From: Maurice Kalinowski <maurice.kalinowski@theqtcompany.com>
Date: Wed, 20 Jan 2016 11:26:19 +0100
Subject: winrt: Fix potential crash in readDatagram

The native socket engine used strcpy for WinRT, which tries to copy
terminating null character. The QSocketNotifier::async_readDatagramSlot
autotest uses a buffer of size 1, which causes readDatagram to overwrite
the buffer on the stack.

Hence use memcpy instead to protect from additional copies beyond
barriers. Note that we cannot use qstrcpy as that does a buf[size-1] =
'\0' at the end, which would remove content for a buf size of 1.

Change-Id: I20baf9e63646cd28c1c954a20b8ae9c7d5873c31
Reviewed-by: Oliver Wolff <oliver.wolff@theqtcompany.com>
---
 src/network/socket/qnativesocketengine_winrt.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/network/socket/qnativesocketengine_winrt.cpp b/src/network/socket/qnativesocketengine_winrt.cpp
index 1c68b28784..35b7d5474b 100644
--- a/src/network/socket/qnativesocketengine_winrt.cpp
+++ b/src/network/socket/qnativesocketengine_winrt.cpp
@@ -578,7 +578,7 @@ qint64 QNativeSocketEngine::readDatagram(char *data, qint64 maxlen, QIpPacketHea
     } else {
         readOrigin = datagram.data;
     }
-    strcpy(data, readOrigin);
+    memcpy(data, readOrigin, qMin(maxlen, qint64(datagram.data.length())));
     return readOrigin.length();
 }
 
-- 
cgit v1.2.3