From 85da1625e47cadf0b41e24863e8988e771e50943 Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Fri, 19 Sep 2014 14:17:46 -0700 Subject: Attempt to make QFile I/O 64-bit safe Use qint64 wherever possible. The linear buffer is never requested to allocate that much memory (always limited), but at least we ensure we're not dropping bits where we shouldn't. Windows's POSIX compatibility layer is never largefile enabled, so it is always necessary to chunk large reads and writes. On Unix, this will be rare, unless someone passed -no-largefile to configure, for some weird reason. Unfortunately, this is not testable, unless we can allocate a buffer with 4 GB or more in size. The test for this would be to open a file we know to be small, then try to read 4 GB + 1 byte. If everything works correctly, we'll read the full file; if there was a truncation, we'd read one byte. Change-Id: If3ee511bf1de17e0123c85bbcaa463b9972746ce Reviewed-by: Kai Koehne Reviewed-by: Thiago Macieira --- src/corelib/io/qfsfileengine.cpp | 41 ++++++++++++++++++++++++++++------------ 1 file changed, 29 insertions(+), 12 deletions(-) (limited to 'src/corelib/io/qfsfileengine.cpp') diff --git a/src/corelib/io/qfsfileengine.cpp b/src/corelib/io/qfsfileengine.cpp index 42250b629dc..a1266902406 100644 --- a/src/corelib/io/qfsfileengine.cpp +++ b/src/corelib/io/qfsfileengine.cpp @@ -73,6 +73,17 @@ QT_BEGIN_NAMESPACE # endif #endif +#ifdef Q_OS_WIN +// on Windows, read() and write() use int and unsigned int +typedef int SignedIOType; +typedef unsigned int UnsignedIOType; +#else +typedef ssize_t SignedIOType; +typedef size_t UnsignedIOType; +Q_STATIC_ASSERT_X(sizeof(SignedIOType) == sizeof(UnsignedIOType), + "Unsupported: read/write return a type with different size as the len parameter"); +#endif + /*! \class QFSFileEngine \inmodule QtCore \brief The QFSFileEngine class implements Qt's default file engine. @@ -605,13 +616,16 @@ qint64 QFSFileEnginePrivate::readFdFh(char *data, qint64 len) } else if (fd != -1) { // Unbuffered stdio mode. -#ifdef Q_OS_WIN - int result; -#else - ssize_t result; -#endif + SignedIOType result; do { - result = QT_READ(fd, data + readBytes, size_t(len - readBytes)); + // calculate the chunk size + // on Windows or 32-bit no-largefile Unix, we'll need to read in chunks + // we limit to the size of the signed type, otherwise we could get a negative number as a result + quint64 wantedBytes = quint64(len) - quint64(readBytes); + UnsignedIOType chunkSize = std::numeric_limits::max(); + if (chunkSize > wantedBytes) + chunkSize = wantedBytes; + result = QT_READ(fd, data + readBytes, chunkSize); } while (result > 0 && (readBytes += result) < len); eof = !(result == -1); @@ -722,13 +736,16 @@ qint64 QFSFileEnginePrivate::writeFdFh(const char *data, qint64 len) } else if (fd != -1) { // Unbuffered stdio mode. -#ifdef Q_OS_WIN - int result; -#else - ssize_t result; -#endif + SignedIOType result; do { - result = QT_WRITE(fd, data + writtenBytes, size_t(len - writtenBytes)); + // calculate the chunk size + // on Windows or 32-bit no-largefile Unix, we'll need to read in chunks + // we limit to the size of the signed type, otherwise we could get a negative number as a result + quint64 wantedBytes = quint64(len) - quint64(writtenBytes); + UnsignedIOType chunkSize = std::numeric_limits::max(); + if (chunkSize > wantedBytes) + chunkSize = wantedBytes; + result = QT_WRITE(fd, data + writtenBytes, chunkSize); } while (result > 0 && (writtenBytes += result) < len); } -- cgit v1.2.3