diff options
author | Oleg Shparber <trollixx@gmail.com> | 2014-04-11 18:05:18 -0700 |
---|---|---|
committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-04-16 02:27:01 +0200 |
commit | 7d04c97a566c3ec6b17101d7a511767ba09da9a6 (patch) | |
tree | 5931db817b8be5daad4fd6d444339d6d06f8c4bf | |
parent | 99a53598a952f775f8ce8a3b1bf66cf81cb63761 (diff) | |
download | qtconnectivity-7d04c97a566c3ec6b17101d7a511767ba09da9a6.tar.gz |
Fix internal buffer corruption in QBluetoothSocket (BlueZ)
When _q_readNotify() is called and no data is available (e.g. in case
of timeout), then the internal buffer grows indefinitely, causing a
one time corruption of the following good data.
Change-Id: I75929382db73953bbccdd86b9ae248329df879fa
Reviewed-by: Alex Blasche <alexander.blasche@digia.com>
-rw-r--r-- | src/bluetooth/qbluetoothsocket_bluez.cpp | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/bluetooth/qbluetoothsocket_bluez.cpp b/src/bluetooth/qbluetoothsocket_bluez.cpp index 459d9f5e..7ff96dd9 100644 --- a/src/bluetooth/qbluetoothsocket_bluez.cpp +++ b/src/bluetooth/qbluetoothsocket_bluez.cpp @@ -226,6 +226,7 @@ void QBluetoothSocketPrivate::_q_readNotify() char *writePointer = buffer.reserve(QPRIVATELINEARBUFFER_BUFFERSIZE); // qint64 readFromDevice = q->readData(writePointer, QPRIVATELINEARBUFFER_BUFFERSIZE); int readFromDevice = ::read(socket, writePointer, QPRIVATELINEARBUFFER_BUFFERSIZE); + buffer.chop(QPRIVATELINEARBUFFER_BUFFERSIZE - (readFromDevice < 0 ? 0 : readFromDevice)); if(readFromDevice <= 0){ int errsv = errno; readNotifier->setEnabled(false); @@ -240,8 +241,6 @@ void QBluetoothSocketPrivate::_q_readNotify() q->disconnectFromService(); } else { - buffer.chop(QPRIVATELINEARBUFFER_BUFFERSIZE - (readFromDevice < 0 ? 0 : readFromDevice)); - emit q->readyRead(); } } |