D29634: sftp: break large writes into multiple requests
Alexander Saoutkin
noreply at phabricator.kde.org
Mon May 11 17:18:15 BST 2020
feverfew added a comment.
Seems like something similar should also occur in `FileJob::write`?
INLINE COMMENTS
> kio_sftp.cpp:1831-1832
> + while (offset < buffer.size()) {
> + const auto length = qMin<int>(MAX_XFER_BUF_SIZE, buffer.size());
> + ssize_t bytesWritten = sftp_write(file, buffer.data() + offset, length);
> + if (bytesWritten < 0) {
AFAICT the size of the buffer never changes so this will easily cause a buffer overrun if I'm not mistaken?
Say for example you have a buffer with `buffer.size() == MAX_XFER_BUF_SIZE + 1`. Then on the second iteration of the while loop (assuming `bytesWritten == MAX_XFER_BUF_SIZE`) you'll do a `sftp_write()` pointing to a `char` buffer of size 1, but which incorrectly states that the size is `MAX_XFER_BUF_SIZE`.
REPOSITORY
R320 KIO Extras
REVISION DETAIL
https://phabricator.kde.org/D29634
To: sitter, ngraham
Cc: feverfew, kde-frameworks-devel, kfm-devel, waitquietly, azyx, nikolaik, pberestov, iasensio, aprcela, fprice, LeGast00n, cblack, fbampaloukas, alexde, Codezela, meven, michaelh, spoorun, navarromorales, firef, ngraham, andrebarros, bruns, emmanuelp, rdieter, mikesomov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20200511/a44c2265/attachment.htm>
More information about the Kde-frameworks-devel
mailing list