]> jfr.im git - irc/kvirc/KVIrc.git/commitdiff
projects / irc / kvirc / KVIrc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: 6dc728d)
Insert missing null terminator
authorLeo <redacted>
Wed, 10 Mar 2021 16:35:41 +0000 (11:35 -0500)
committerAlexey Sokolov <redacted>
Wed, 16 Jun 2021 11:56:30 +0000 (12:56 +0100)
The existing null terminator in pcBuffer is overwritten with a carriage return. Without re-appending it, the QString(const char*) constructor may attempt an illegal read.

src/kvirc/kernel/KviIrcConnection.cpp patch | blob | blame | history

diff --git a/src/kvirc/kernel/KviIrcConnection.cpp b/src/kvirc/kernel/KviIrcConnection.cpp
index 391544d6aeb9de509de977bf18958ffb54ebab1c..b43bec68a35dc13dbdf43d26fd2a6de6325ac85c 100644 (file)
--- a/src/kvirc/kernel/KviIrcConnection.cpp
+++ b/src/kvirc/kernel/KviIrcConnection.cpp
@@ -832,10 +832,11 @@ bool KviIrcConnection::sendData(const char * pcBuffer, int iBuflen)
                        m_pConsole->outputNoFmt(KVI_OUT_SOCKETWARNING, __tr2qs("[LINK WARNING]: Socket message truncated to 512 bytes."));
        }
 
-       KviDataBuffer * pData = new KviDataBuffer(iBuflen + 2);
+       KviDataBuffer * pData = new KviDataBuffer(iBuflen + 3);
        KviMemory::move(pData->data(), pcBuffer, iBuflen);
        *(pData->data() + iBuflen) = '\r';
        *(pData->data() + iBuflen + 1) = '\n';
+       *(pData->data() + iBuflen + 2) = '\0';
 
        QString szMsg = (const char *)(pData->data());
        szMsg.truncate(iBuflen);
Unnamed repository; edit this file 'description' to name the repository.