authorUlf Hermann <ulf.hermann@qt.io>2021-06-18 09:48:55 +0200
committerUlf Hermann <ulf.hermann@qt.io>2021-06-22 22:08:16 +0200
commite99e07cb5c939ca5bbb1dfdeb66c862d6cd4f2f2 (patch)
tree9eb1412c71fd8109528d53448a9dd53dbc7eb23e /src/corelib/text
parent9cc7f233c9e2f2bacdcb06f166d0812d58eb4bfc (diff)
QString: Respect precision when reading data for %.*s format string
If we disregard the precision we may read a very large string that we subsequently discard. Furthermore, people use this to read non-null-terminated strings, which randomly crashes. Pick-to: 5.15 6.1 6.2 Change-Id: Ifa255dbe71c82d3d4fb46adfef7a9dc74bd40cee Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de> Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Diffstat (limited to 'src/corelib/text')
-rw-r--r--src/corelib/text/qstring.cpp12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/corelib/text/qstring.cpp b/src/corelib/text/qstring.cpp
index a8f0c0b142..c98e4ba6d9 100644
--- a/src/corelib/text/qstring.cpp
+++ b/src/corelib/text/qstring.cpp
@@ -6774,13 +6774,17 @@ QString QString::vasprintf(const char *cformat, va_list ap)
if (length_mod == lm_l) {
const ushort *buff = va_arg(ap, const ushort*);
const ushort *ch = buff;
- while (*ch != 0)
+ while (precision != 0 && *ch != 0) {
++ch;
+ --precision;
+ }
subst.setUtf16(buff, ch - buff);
- } else
+ } else if (precision == -1) {
subst = QString::fromUtf8(va_arg(ap, const char*));
- if (precision != -1)
- subst.truncate(precision);
+ } else {
+ const char *buff = va_arg(ap, const char*);
+ subst = QString::fromUtf8(buff, qstrnlen(buff, precision));
+ }
++c;
break;
}
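Review bot: In the new final `else` branch the precision now limits the UTF-8 input bytes (`qstrnlen(buff, precision)`) before decoding, whereas the removed `subst.truncate(precision)` limited the decoded string. Output for non-ASCII arguments therefore changes, and a limit that falls inside a multi-byte sequence hands `fromUtf8` an incomplete sequence. This matches printf's byte-counted precision and is what keeps the read inside an unterminated buffer, so it deserves a comment at that branch, e.g. `// precision counts input bytes (as in printf), not QChars; buff may lack a terminator, so never read past it`. In the `%ls` loop, `precision` is decremented in place and the unspecified case relies on -1 never reaching 0; a local counter would avoid mutating the parsed value, assuming nothing later in this case reads it. The enclosing `vasprintf` body starts and ends outside the hunk.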