JIT: Fix buffer writing in vprintf()

qvsnprintf() can return -1, as well as QIODevice::write(). We must not
pass a negative number to memset(), and we need to loop the writes in
case the actually written bytes were less than what we asked for.

Coverity-Id: 408783
Change-Id: Id697ae38c0342afa81590a570358d5fcc3aa8656
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Fabian Kosmale <fabian.kosmale@qt.io>

1 files changed, 14 insertions, 4 deletions

diff --git a/src/qml/jit/qv4assemblercommon.cpp b/src/qml/jit/qv4assemblercommon.cpp
index 3938265019..2b33d0aa10 100644
--- a/src/qml/jit/qv4assemblercommon.cpp
+++ b/src/qml/jit/qv4assemblercommon.cpp
@@ -44,10 +44,20 @@ public:
 
     void vprintf(const char* format, va_list argList) override WTF_ATTRIBUTE_PRINTF(2, 0)
     {
-        const int written = qvsnprintf(buf.data(), buf.size(), format, argList);
-        if (written > 0)
-            dest->write(buf.constData(), written);
-        memset(buf.data(), 0, qMin(written, buf.size()));
+        const int printed = qvsnprintf(buf.data(), buf.size(), format, argList);
+        Q_ASSERT(printed <= buf.size());
+
+        qint64 written = 0;
+        while (written < printed) {
+            const qint64 result = dest->write(buf.constData() + written, printed - written);
+            if (result < 0)
+                break;
+            written += result;
+        }
+
+        Q_ASSERT(written <= buf.size());
+        Q_ASSERT(written >= 0);
+        memset(buf.data(), 0, size_t(written));
     }
 
     void flush() override