  1. Qt
  2. QTBUG-38579

Potential bug in QNativeSocketEngine for windows network sockets


    Details

    • Type: Suggestion
    • Status: Reported
    • Priority: Not Evaluated
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Network: Sockets
    • Labels:
      None
    • Environment:

      Windows

      Description

      I believe that the QNativeSocketEnginePrivate::nativeWrite() method in src/network/socket/qnativesocketengine_win.cpp contains a potential bug.
      In the case when WSASend() returns success but ret != len, it tries the next send, but bytesToSend isn't decreased like it happens at the end of the cycle (it isn't reached because of the continue operator). This causes a data buffer overread and wrong data being sent to the remote side. This case may never happen due to the current socket configuration or some API specification details, but these factors look very sensitive to being changed.
      Affected classes: QAbstractSocket, QTcpSocket, QSslSocket.
      Therefore, the piece of code responsible for handling this sort of case should be either fixed or considered to be dead and removed.
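
The loop pattern described in the report, as an added example that is not Qt's source and not code from the reporter. `FakeSocket`, `write_without_update` and `write_with_update` are hypothetical names; the socket is a constructed stand-in for WSASend() that only records which byte ranges it is asked to read, so no real buffer is overread.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>

// Constructed stand-in for WSASend(): accepts at most `cap` bytes per call and
// records the furthest buffer offset the caller asked it to read from.
struct FakeSocket {
    std::size_t cap;
    std::size_t accepted = 0;  // total bytes the "socket" took
    std::size_t max_end = 0;   // highest (offset + length) ever requested
    explicit FakeSocket(std::size_t c) : cap(c) {}
    std::size_t send(std::size_t offset, std::size_t length) {
        max_end = std::max(max_end, offset + length);
        std::size_t n = std::min(length, cap);
        accepted += n;
        return n;
    }
};

// Pattern from the report: after a short write the loop retries at once, so
// bytesToSend keeps its initial value while the offset (ret) advances.
FakeSocket write_without_update(std::size_t len, std::size_t cap) {
    FakeSocket s(cap);
    std::size_t ret = 0, bytesToSend = len;
    for (;;) {
        ret += s.send(ret, bytesToSend);
        if (ret >= len)  // >= rather than == only so this model terminates
            break;
        continue;  // short write: retry, skipping any update of bytesToSend
    }
    return s;
}

// Hardened form: the requested length is recomputed from what remains.
FakeSocket write_with_update(std::size_t len, std::size_t cap) {
    FakeSocket s(cap);
    std::size_t ret = 0;
    while (ret < len)
        ret += s.send(ret, len - ret);  // never ask for more than is left
    return s;
}

int main() {
    FakeSocket a = write_without_update(10, 4), b = write_with_update(10, 4);
    std::printf("no update: sent %zu, read up to %zu of 10\n", a.accepted, a.max_end);
    std::printf("updated:   sent %zu, read up to %zu of 10\n", b.accepted, b.max_end);
    return 0;
}
```

With a 10-byte buffer and a socket that takes 4 bytes per call, the first loop requests bytes up to offset 18 and hands 12 bytes to the peer; the second stays inside the buffer.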


            People

            Assignee:
            peter-har Peter Hartmann
            Reporter:
            artem_pisarenko Artem Pisarenko