diff options
author | Oswald Buddenhagen <oswald.buddenhagen@qt.io> | 2016-12-19 13:50:17 +0100 |
---|---|---|
committer | Oswald Buddenhagen <oswald.buddenhagen@gmx.de> | 2019-01-14 08:52:15 +0000 |
commit | c365fa49d85810c6ad09bb5f43b5081cd7543bf1 (patch) | |
tree | 12f6db2fe9dfae85734d5e188cfb683dd9ba3e4b /src | |
parent | 6178913a234dfbb5a24c9128f6460f070fb7ce14 (diff) |
fix out-of-bounds access on trailing percent sign in tr() argument
tr() recognizes %n and %Ln. it offers no way to escape lone percent
signs, which implies that they must be interpreted verbatim, which is
what the code actually does. except that it would run off the end if the
% appeared at the end of the string.
Fixes: QTBUG-57171
Done-with: Mateusz Starzycki <mstarzycki@gmail.com>
Change-Id: Icf81925c482be1ea66ec8daafb3e92ad17ea7fab
Reviewed-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/corelib/kernel/qcoreapplication.cpp | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/corelib/kernel/qcoreapplication.cpp b/src/corelib/kernel/qcoreapplication.cpp index 3c8b0f947c..b6b4da3885 100644 --- a/src/corelib/kernel/qcoreapplication.cpp +++ b/src/corelib/kernel/qcoreapplication.cpp @@ -2097,9 +2097,13 @@ static void replacePercentN(QString *result, int n) int len = 0; while ((percentPos = result->indexOf(QLatin1Char('%'), percentPos + len)) != -1) { len = 1; + if (percentPos + len == result->length()) + break; QString fmt; if (result->at(percentPos + len) == QLatin1Char('L')) { ++len; + if (percentPos + len == result->length()) + break; fmt = QLatin1String("%L1"); } else { fmt = QLatin1String("%1"); |