QTeamCityLogger: fix .arg() placeholder injection

Since each .arg() call starts from scratch, a file name containing a
suitable %n would mess up the formatting of the following .arg() call.

Fix by using multiArg(), which requires to pre-format the line into a
QString, but which performs only a single-pass, so doesn't suffer from
the placeholder injection problem that plagues .arg()-chaining.

Pick-to: 6.3 6.2 5.15
Change-Id: I549527643da657fca0bea63d5e3becadac529d4b
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>

1 files changed, 2 insertions, 3 deletions

diff --git a/src/testlib/qteamcitylogger.cpp b/src/testlib/qteamcitylogger.cpp
index 9311f24a57..b930777a6d 100644
--- a/src/testlib/qteamcitylogger.cpp
+++ b/src/testlib/qteamcitylogger.cpp
@@ -268,9 +268,8 @@ void QTeamCityLogger::addPendingMessage(const char *type, const QString &msg, co
 
     if (file) {
         pendMessage += "%1 |[Loc: %2(%3)|]: %4"_L1
-                .arg(QString::fromUtf8(type), QString::fromUtf8(file))
-                .arg(line)
-                .arg(msg);
+                .arg(QString::fromUtf8(type), QString::fromUtf8(file),
+                     QString::number(line), msg);
 
     } else {
         pendMessage += "%1: %2"_L1.arg(QString::fromUtf8(type), msg);