From 7d04c97a566c3ec6b17101d7a511767ba09da9a6 Mon Sep 17 00:00:00 2001
From: Oleg Shparber
Date: Fri, 11 Apr 2014 18:05:18 -0700
Subject: Fix internal buffer corruption in QBluetoothSocket (BlueZ)

When _q_readNotify() is called and no data is available (e.g. in case of timeout), then the internal buffer grows indefinitely, causing a one time corruption of the following good data.

Change-Id: I75929382db73953bbccdd86b9ae248329df879fa
Reviewed-by: Alex Blasche
---
 src/bluetooth/qbluetoothsocket_bluez.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'src/bluetooth/qbluetoothsocket_bluez.cpp')
diff --git a/src/bluetooth/qbluetoothsocket_bluez.cpp b/src/bluetooth/qbluetoothsocket_bluez.cpp
index 459d9f5e..7ff96dd9 100644
--- a/src/bluetooth/qbluetoothsocket_bluez.cpp
+++ b/src/bluetooth/qbluetoothsocket_bluez.cpp
@@ -226,6 +226,7 @@ void QBluetoothSocketPrivate::_q_readNotify()
 char *writePointer = buffer.reserve(QPRIVATELINEARBUFFER_BUFFERSIZE);
 // qint64 readFromDevice = q->readData(writePointer, QPRIVATELINEARBUFFER_BUFFERSIZE);
 int readFromDevice = ::read(socket, writePointer, QPRIVATELINEARBUFFER_BUFFERSIZE);
+ buffer.chop(QPRIVATELINEARBUFFER_BUFFERSIZE - (readFromDevice < 0 ? 0 : readFromDevice));
 if(readFromDevice <= 0){
 int errsv = errno;
 readNotifier->setEnabled(false);
@@ -240,8 +241,6 @@ void QBluetoothSocketPrivate::_q_readNotify()
 q->disconnectFromService();
 }
 else {
- buffer.chop(QPRIVATELINEARBUFFER_BUFFERSIZE - (readFromDevice < 0 ? 0 : readFromDevice));
-
 emit q->readyRead();
 }
 }
-- cgit v1.2.3
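Review bot: `int errsv = errno;` is now read only after the added `buffer.chop(...)` call, which sits between `::read()` and the error branch, so whatever that branch decides from errsv depends on chop() never disturbing errno. QPrivateLinearBuffer::chop is not visible here, so this may be harmless today, but capturing the value first keeps error classification independent of buffer internals: put `const int errsv = errno;` directly after the `::read(...)` line and drop the declaration inside the `if`. A short comment on the chop line, e.g. `// always trim the reserved tail, even on error or timeout, so unread reserve space is never exposed as data`, would record why it must run unconditionally. _q_readNotify() starts above this hunk and the error branch continues past its last line.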