From 3f94498303cec8f18509ff273254b80a7fe355e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A5rten=20Nordheim?=
Date: Thu, 3 Dec 2020 15:08:52 +0100
Subject: QSocks5SocketEngine: fix reference to dangling data

Following a41c61fb2d2f973fd1cd5e95ee5be1ac1a4f8433 QIODevice may try to copy the QByteArray itself (rather than the data it points to). This can lead referencing dangling data when the QByteArray is initialized with raw data.

Change-Id: I481695b33f251f750ef482d72b81636f0d4bf462
Reviewed-by: Thiago Macieira
(cherry picked from commit 710886fbdd993c3a618ea8bc8b59fbb3e18cfbf0)
Reviewed-by: Qt Cherry-pick Bot
---
 src/network/socket/qsocks5socketengine.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'src/network')

diff --git a/src/network/socket/qsocks5socketengine.cpp b/src/network/socket/qsocks5socketengine.cpp
index d681bec2d5..4f62e37fbb 100644
--- a/src/network/socket/qsocks5socketengine.cpp
+++ b/src/network/socket/qsocks5socketengine.cpp
@@ -1525,8 +1525,12 @@ qint64 QSocks5SocketEngine::write(const char *data, qint64 len)
 if (!d->data->authenticator->seal(buf, &sealedBuf)) {
 // ### Handle this error.
 }
+ // We pass pointer and size because 'sealedBuf' is (most definitely) raw data:
+ // QIODevice might have to cache the byte array if the socket cannot write the data.
+ // If the _whole_ array needs to be cached then it would simply store a copy of the
+ // array whose data will go out of scope and be deallocated before it can be used.
+ qint64 written = d->data->controlSocket->write(sealedBuf.constData(), sealedBuf.size());
 
- qint64 written = d->data->controlSocket->write(sealedBuf);
 if (written <= 0) {
 QSOCKS5_Q_DEBUG << "native write returned" << written;
 return written;
-- 
cgit v1.2.3
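Review bot: The `seal()` failure branch directly above the rewritten write is still empty (`// ### Handle this error.`), so when sealing fails the new call sends whatever `sealedBuf` happens to hold, possibly nothing or a partial buffer, to the control socket. Since this line was being touched anyway, the branch could fail closed, for example `if (!d->data->authenticator->seal(buf, &sealedBuf)) return -1;`; the right error path is a guess, because the body of write() starts and ends outside this hunk. Separately, the added comment hedges with "(most definitely)"; it would help the next reader to state the rule plainly, along the lines of `// Pass pointer+size so QIODevice copies the bytes; a buffered QByteArray could still reference raw data that dies with this scope.`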