From 4accb03289285610928199e9ab50ea2620d5e3d8 Mon Sep 17 00:00:00 2001
From: Alex Blasche <alexander.blasche@digia.com>
Date: Mon, 13 Oct 2014 10:43:44 +0200
Subject: [PATCH] Catch segfault when passing 0 to
 QBluetoothTransferManager::put()

Change-Id: I8c659233fd6eb2232d7bd9d904ce14f1de8a9d34
Reviewed-by: Timur Pocheptsov <Timur.Pocheptsov@digia.com>
Reviewed-by: Alex Blasche <alexander.blasche@digia.com>
---
 src/bluetooth/qbluetoothtransferreply_bluez.cpp  |  8 ++++++++
 src/bluetooth/qbluetoothtransferreply_qnx.cpp    |  9 +++++++++
 .../tst_qbluetoothtransfermanager.cpp            | 16 ++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/src/bluetooth/qbluetoothtransferreply_bluez.cpp b/src/bluetooth/qbluetoothtransferreply_bluez.cpp
index f0806d5e..43a83d71 100644
--- a/src/bluetooth/qbluetoothtransferreply_bluez.cpp
+++ b/src/bluetooth/qbluetoothtransferreply_bluez.cpp
@@ -70,6 +70,14 @@ QBluetoothTransferReplyBluez::QBluetoothTransferReplyBluez(QIODevice *input, con
     setRequest(request);
     setManager(parent);
 
+    if (!input) {
+        qCWarning(QT_BT_BLUEZ) << "Invalid input device (null)";
+        m_errorStr = QBluetoothTransferReply::tr("Invalid input device (null)");
+        m_error = QBluetoothTransferReply::FileNotFoundError;
+        m_finished = true;
+        return;
+    }
+
     if (isBluez5()) {
         m_clientBluez = new OrgBluezObexClient1Interface(QStringLiteral("org.bluez.obex"),
                                                         QStringLiteral("/org/bluez/obex"),
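Review bot: The early return in the new `if (!input)` branch marks the reply finished without notifying anyone, since no `finished()` or `error()` signal is emitted on this path; the identical branch in the QNX constructor has the same gap. A caller that connects to the reply after `put()` returns and waits for the signal would never learn of the failure. Consider queuing the notification so it arrives after the caller has connected, e.g. `QMetaObject::invokeMethod(this, "finished", Qt::QueuedConnection, Q_ARG(QBluetoothTransferReply*, this));`. The return also skips the `m_clientBluez` setup that follows, and the constructor's initializer list lies outside the hunk. It is worth confirming that every pointer member is nulled there, so the destructor or `abort()` cannot touch an uninitialized pointer on a reply built this way.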
diff --git a/src/bluetooth/qbluetoothtransferreply_qnx.cpp b/src/bluetooth/qbluetoothtransferreply_qnx.cpp
index 9a717f69..d0e763cd 100644
--- a/src/bluetooth/qbluetoothtransferreply_qnx.cpp
+++ b/src/bluetooth/qbluetoothtransferreply_qnx.cpp
@@ -65,6 +65,15 @@ QBluetoothTransferReplyQnx::QBluetoothTransferReplyQnx(QIODevice *input, const Q
 {
     setRequest(request);
     setManager(parent);
+
+    if (!input) {
+        qCWarning(QT_BT_QNX) << "Invalid input device (null)";
+        m_errorStr = QBluetoothTransferReply::tr("Invalid input device (null)");
+        m_error = QBluetoothTransferReply::FileNotFoundError;
+        m_finished = true;
+        return;
+    }
+
     ppsRegisterControl();
     //qsrand(QTime::currentTime().msec());
     //m_agent_path = agentPath;
diff --git a/tests/auto/qbluetoothtransfermanager/tst_qbluetoothtransfermanager.cpp b/tests/auto/qbluetoothtransfermanager/tst_qbluetoothtransfermanager.cpp
index b2c55da5..b39e6292 100644
--- a/tests/auto/qbluetoothtransfermanager/tst_qbluetoothtransfermanager.cpp
+++ b/tests/auto/qbluetoothtransfermanager/tst_qbluetoothtransfermanager.cpp
@@ -84,6 +84,8 @@ private slots:
 
     void tst_sendBuffer_data();
     void tst_sendBuffer();
+
+    void tst_sendNullPointer();
 private:
     QBluetoothAddress remoteAddress;
 };
@@ -344,6 +346,20 @@ void tst_QBluetoothTransferManager::tst_sendBuffer()
     QVERIFY(!reply->isRunning());
 }
 
+void tst_QBluetoothTransferManager::tst_sendNullPointer()
+{
+    QBluetoothTransferRequest request(remoteAddress);
+    QBluetoothTransferManager manager;
+    QBluetoothTransferReply *reply = manager.put(request, 0);
+
+    QVERIFY(reply);
+    QCOMPARE(reply->isFinished(), true);
+    QCOMPARE(reply->isRunning(), false);
+    QCOMPARE(reply->manager(), &manager);
+    QCOMPARE(reply->request(), request);
+    QCOMPARE(reply->error(), QBluetoothTransferReply::FileNotFoundError);
+}
+
 QTEST_MAIN(tst_QBluetoothTransferManager)
 
 #include "tst_qbluetoothtransfermanager.moc"
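Review bot: `tst_sendNullPointer` checks the error code but not the message, so nothing here would notice if the `m_errorStr` assignment in either backend were dropped; add `QVERIFY(!reply->errorString().isEmpty());`. The test also reads only the state accessors, so it would pass equally whether or not a completion signal is ever delivered; a `QSignalSpy` on `finished(QBluetoothTransferReply*)` would pin down the intended contract. Finally, `reply` is never released; if the reply is not parented to the manager (not visible in this patch), hold it in a `QScopedPointer` so a failing `QCOMPARE` does not leak it.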
-- 
GitLab