D29634: sftp: break large writes into multiple requests

Alexander Saoutkin noreply at phabricator.kde.org
Mon May 11 17:18:15 BST 2020


feverfew added a comment.


  Seems like something similar should also occur in `FileJob::write`?

INLINE COMMENTS

> kio_sftp.cpp:1831-1832
> +            while (offset < buffer.size()) {
> +                const auto length = qMin<int>(MAX_XFER_BUF_SIZE, buffer.size());
> +                ssize_t bytesWritten = sftp_write(file, buffer.data() + offset, length);
> +                if (bytesWritten < 0) {
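
Review bot: In the `qMin<int>(MAX_XFER_BUF_SIZE, buffer.size())` line, `length` is clamped against the total buffer size and ignores `offset`, while the pointer handed to `sftp_write()` is `buffer.data() + offset`. On any iteration where fewer than `MAX_XFER_BUF_SIZE` bytes remain, the call is told to read past the end of the buffer. Clamp to the remainder instead, for example `qMin<int>(MAX_XFER_BUF_SIZE, buffer.size() - offset)`. The quoted lines stop at the `bytesWritten < 0` check, so it is also worth confirming that `offset` is advanced by `bytesWritten` rather than by `length`, in case fewer bytes are written than requested.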

AFAICT the size of the buffer never changes so this will easily cause a buffer overrun if I'm not mistaken?

Say for example you have a buffer with `buffer.size() == MAX_XFER_BUF_SIZE + 1`. Then on the second iteration of the while loop (assuming `bytesWritten == MAX_XFER_BUF_SIZE`) you'll do a `sftp_write()` pointing to a `char` buffer of size 1, but which incorrectly states that the size is `MAX_XFER_BUF_SIZE`.

REPOSITORY
  R320 KIO Extras

REVISION DETAIL
  https://phabricator.kde.org/D29634

To: sitter, ngraham
Cc: feverfew, kde-frameworks-devel, kfm-devel, waitquietly, azyx, nikolaik, pberestov, iasensio, aprcela, fprice, LeGast00n, cblack, fbampaloukas, alexde, Codezela, meven, michaelh, spoorun, navarromorales, firef, ngraham, andrebarros, bruns, emmanuelp, rdieter, mikesomov
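
The case described in the comment above (a buffer one byte larger than the chunk limit), worked through as an added example that is not part of the original mail or the KIO code. `kMaxXfer`, `FakeSink`, `lengthAsQuoted`, `lengthRemaining` and `runChunkedWrite` are hypothetical names, the chunk limit of 8 is an assumed value, and `FakeSink` stands in for `sftp_write()` so the over-claimed bytes can be counted without reading out of bounds.

```cpp
#include <algorithm>
#include <cstddef>
#include <sys/types.h>
#include <utility>
#include <vector>

// Assumed chunk limit for the demo; the real MAX_XFER_BUF_SIZE value is not in the mail.
constexpr size_t kMaxXfer = 8;

// Hypothetical stand-in for sftp_write(): counts bytes a request claims beyond the
// buffer and can accept fewer bytes than asked (short write).
struct FakeSink {
    size_t bufSize, maxAccept;
    size_t overrun = 0;
    std::vector<char> received;
    FakeSink(size_t size, size_t accept) : bufSize(size), maxAccept(accept) {}
    ssize_t write(const char *base, size_t offset, size_t length) {
        if (offset + length > bufSize) {
            overrun += offset + length - bufSize;
            length = bufSize - offset; // the demo itself never reads out of bounds
        }
        const size_t n = std::min(length, maxAccept);
        received.insert(received.end(), base + offset, base + offset + n);
        return static_cast<ssize_t>(n);
    }
};

// Length as in the quoted hunk: clamped against the whole buffer, offset ignored.
size_t lengthAsQuoted(size_t size, size_t /*offset*/) { return std::min(kMaxXfer, size); }
// Length clamped against the bytes still unsent.
size_t lengthRemaining(size_t size, size_t offset) { return std::min(kMaxXfer, size - offset); }

// Runs the chunked loop and returns {bytes claimed past the end, bytes delivered}.
std::pair<size_t, size_t> runChunkedWrite(size_t size, size_t accept,
                                          size_t (*lengthFn)(size_t, size_t)) {
    std::vector<char> buffer(size, 'x'); // constructed sample payload
    FakeSink sink(size, accept);
    size_t offset = 0;
    while (offset < buffer.size()) {
        const ssize_t written = sink.write(buffer.data(), offset, lengthFn(size, offset));
        if (written <= 0) break; // error or no progress: stop instead of spinning
        offset += static_cast<size_t>(written); // advance by what was actually written
    }
    return {sink.overrun, sink.received.size()};
}

int main() {
    const auto bad = runChunkedWrite(kMaxXfer + 1, kMaxXfer, lengthAsQuoted);   // {7, 9}
    const auto good = runChunkedWrite(kMaxXfer + 1, kMaxXfer, lengthRemaining); // {0, 9}
    return (bad.first == 7 && good.first == 0) ? 0 : 1;
}
```

With the offset-blind length, the second request claims 7 bytes that do not exist; clamping to the remainder delivers the same 9 bytes with no over-claim, including when the sink accepts only part of each request.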