1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

QLibrary: fix possible arg() format clobbering

Browse Source 
The fileName could potentially contain the string "%n", n ≤ 5, in
which case the following .arg() calls would interpolate their
arguments at the wrong position.

Fix by interpolating fileName last.

Pick-to: 6.3 6.2 5.15
Change-Id: I1a75a7671cbfe85ba3b2df240c3ef74482fc848d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
This commit is contained in:
Marc Mutz 2022-03-14 16:24:55 +01:00
parent ce83a03cfd
commit 3636325946
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/corelib/plugin/qlibrary.cpp
View File

@ -784,12 +784,12 @@ void QLibraryPrivate::updatePluginState()
QFile::encodeName(fileName).constData(),
(qt_version&0xff0000) >> 16, (qt_version&0xff00) >> 8, qt_version&0xff,
debug ? "debug" : "release");
errorString = QLibrary::tr("The plugin '%1' uses incompatible Qt library. (%2.%3.%4) [%5]")
.arg(fileName)
errorString = QLibrary::tr("The plugin '%5' uses incompatible Qt library. (%1.%2.%3) [%4]")
.arg((qt_version&0xff0000) >> 16)
.arg((qt_version&0xff00) >> 8)
.arg(qt_version&0xff)
.arg(debug ? QLatin1String("debug") : QLatin1String("release"));
.arg(debug ? QLatin1String("debug") : QLatin1String("release"))
.arg(fileName);
} else if (PluginMustMatchQtDebug && debug != QtBuildIsDebug) {
//don't issue a qWarning since we will hopefully find a non-debug? --Sam
errorString = QLibrary::tr("The plugin '%1' uses incompatible Qt library."