feverfew added a comment.
Seems like something similar should also occur in `FileJob::write`?
INLINE COMMENTS
> kio_sftp.cpp:1831-1832
> + while (offset < buffer.size()) {
> + const auto length = qMin<int>(MAX_XFER_BUF_SIZE,
> buffer.size());
> + ssize_t bytesWritten = sftp_write(file, buffer.data() +
> offset, length);
> + if (bytesWritten < 0) {
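Review bot: the `length` computed on the `qMin<int>(MAX_XFER_BUF_SIZE, buffer.size())` line does not account for `offset`, so once `offset` is non-zero the `sftp_write()` call can be handed a length that reaches past the end of `buffer`. Clamping to the remainder, for example `qMin<int>(MAX_XFER_BUF_SIZE, buffer.size() - offset)`, keeps `buffer.data() + offset` plus `length` inside the buffer on every iteration.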
AFAICT the size of the buffer never changes so this will easily cause a buffer
overrun if I'm not mistaken?
Say for example you have a buffer with `buffer.size() == MAX_XFER_BUF_SIZE +
1`. Then on the second iteration of the while loop (assuming `bytesWritten ==
MAX_XFER_BUF_SIZE`) you'll do a `sftp_write()` pointing to a `char` buffer of
size 1, but which incorrectly states that the size is `MAX_XFER_BUF_SIZE`.
REPOSITORY
R320 KIO Extras
REVISION DETAIL
https://phabricator.kde.org/D29634
To: sitter, ngraham
Cc: feverfew, kde-frameworks-devel, kfm-devel, waitquietly, azyx, nikolaik,
pberestov, iasensio, aprcela, fprice, LeGast00n, cblack, fbampaloukas, alexde,
Codezela, meven, michaelh, spoorun, navarromorales, firef, ngraham,
andrebarros, bruns, emmanuelp, rdieter, mikesomov
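The over-read described in the inline comment above, and a chunked write loop that clamps to the remaining bytes, as an added example that is not part of the original comment or of the kio_sftp code. `kMaxXfer`, `Sink` and all function names are hypothetical stand-ins (`Sink::write` plays the role of `sftp_write()`, `kMaxXfer` of `MAX_XFER_BUF_SIZE`), and the buggy length is only computed, never used for a read.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>

// Constructed stand-ins, not the kio_sftp code: kMaxXfer plays the role of
// MAX_XFER_BUF_SIZE and Sink::write the role of sftp_write().
constexpr std::size_t kMaxXfer = 8;

struct Sink {
    std::string received;
    std::size_t shortWriteLimit;  // accept at most this many bytes per call
    std::ptrdiff_t write(const char *data, std::size_t count) {
        const std::size_t n = std::min(count, shortWriteLimit);
        received.append(data, n);
        return static_cast<std::ptrdiff_t>(n);
    }
};

// Length as computed in the quoted hunk: ignores how far offset has advanced.
std::size_t lengthAsQuoted(std::size_t size, std::size_t /*offset*/) {
    return std::min(kMaxXfer, size);
}

// Length clamped to the bytes that remain after offset.
std::size_t lengthRemaining(std::size_t size, std::size_t offset) {
    return std::min(kMaxXfer, size - offset);
}

// Bytes a call would read past the end of the buffer for a given length.
std::size_t overread(std::size_t size, std::size_t offset, std::size_t length) {
    return offset + length > size ? offset + length - size : 0;
}

// Chunked write that never passes a length beyond the end of the buffer
// and advances by the count actually written (short writes included).
bool writeAll(Sink &sink, const std::string &buffer) {
    std::size_t offset = 0;
    while (offset < buffer.size()) {
        const std::size_t length = lengthRemaining(buffer.size(), offset);
        const std::ptrdiff_t written = sink.write(buffer.data() + offset, length);
        if (written <= 0) {
            return false;  // error or no progress: stop rather than spin
        }
        offset += static_cast<std::size_t>(written);
    }
    return true;
}
```

With a buffer of `kMaxXfer + 1` bytes and `offset == kMaxXfer`, `lengthAsQuoted` still yields `kMaxXfer`, which is the second-iteration case the comment walks through.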