From 28db26f6917174d787bd4c6eadbecebc952d59dc Mon Sep 17 00:00:00 2001
From: Edward Welbourne <edward.welbourne@theqtcompany.com>
Date: Mon, 30 May 2016 15:25:06 +0200
Subject: qtestcase: Fix buffer over-run, '\0' appended beyond buffer end
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Noticed by Coverity (CID 161673).  If the file being read contains
enough to fill the buffer, read() shall do that and return the nbytes
it was passed; as this was the size of the buffer, subsequently
writing a '\0' at this index in buffer is out of bounds.  Fortunately,
/proc/self/status is typically < 1k so fits well inside the 2k buffer.
All the same, we can safely pass sizeof(buffer) - 1 as nbytes and *be
sure* of not getting a buffer over-run.

Change-Id: Ib620a330fbc94f0579c953737f7c4417ca449968
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@theqtcompany.com>
---
 src/testlib/qtestcase.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/testlib')

diff --git a/src/testlib/qtestcase.cpp b/src/testlib/qtestcase.cpp
index 62649441db..eae490e278 100644
--- a/src/testlib/qtestcase.cpp
+++ b/src/testlib/qtestcase.cpp
@@ -2514,7 +2514,7 @@ static bool debuggerPresent()
     if (fd == -1)
         return false;
     char buffer[2048];
-    ssize_t size = read(fd, buffer, sizeof(buffer));
+    ssize_t size = read(fd, buffer, sizeof(buffer) - 1);
     if (size == -1) {
         close(fd);
         return false;
-- 
cgit v1.2.3