feverfew added a comment.
Seems like something similar should also occur in `FileJob::write`?

INLINE COMMENTS

> kio_sftp.cpp:1831-1832
> + while (offset < buffer.size()) {
> + const auto length = qMin<int>(MAX_XFER_BUF_SIZE,
> buffer.size());
> + ssize_t bytesWritten = sftp_write(file, buffer.data() +
> offset, length);
> + if (bytesWritten < 0) {

AFAICT the size of the buffer never changes so this will easily cause a buffer overrun if I'm not mistaken? Say for example you have a buffer with `buffer.size() == MAX_XFER_BUF_SIZE + 1`. Then on the second iteration of the while loop (assuming `bytesWritten == MAX_XFER_BUF_SIZE`) you'll do a `sftp_write()` pointing to a `char` buffer of size 1, but which incorrectly states that the size is `MAX_XFER_BUF_SIZE`.

REPOSITORY
R320 KIO Extras

REVISION DETAIL
https://phabricator.kde.org/D29634

To: sitter, ngraham
Cc: feverfew, kde-frameworks-devel, kfm-devel, waitquietly, azyx, nikolaik, pberestov, iasensio, aprcela, fprice, LeGast00n, cblack, fbampaloukas, alexde, Codezela, meven, michaelh, spoorun, navarromorales, firef, ngraham, andrebarros, bruns, emmanuelp, rdieter, mikesomov
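Review bot: In the quoted kio_sftp.cpp:1831-1832 hunk, `length` is taken as `qMin<int>(MAX_XFER_BUF_SIZE, buffer.size())`, which ignores `offset`, so once `offset` is non-zero the `sftp_write(file, buffer.data() + offset, length)` call can be handed a length larger than the bytes remaining in `buffer`. Clamp to the remainder instead, i.e. use `buffer.size() - offset` as the second argument to `qMin`. The quoted lines do not show how `offset` is advanced; it should move forward by `bytesWritten` rather than by `length`, so that a short write is retried from the right position.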