diff options
| author | Oswald Buddenhagen <oswald.buddenhagen@qt.io> | 2017-08-11 14:36:23 +0200 |
|---|---|---|
| committer | Oswald Buddenhagen <oswald.buddenhagen@qt.io> | 2018-03-14 15:35:13 +0000 |
| commit | 42e3f980ecbedb3ec0a65d71bba4da4d4d1a5ef2 (patch) | |
| tree | fbbe1ffb5f4ccb0e8f0e23149fe60f656a70a19d | |
| parent | c76fc433eb3c22d67ba0149b7b2aa63328d27185 (diff) | |
| download | qt-creator-42e3f980ecbedb3ec0a65d71bba4da4d4d1a5ef2.tar.gz | |
qmake: fix hypothetical raw data leaks relating to qt i/o classes
technically, we should not rely on the i/o classes not storing the
strings beyond the instantiated object's life time.
Change-Id: I0990769b3cf86860184869036c096c531160e9be
Reviewed-by: Joerg Bornemann <joerg.bornemann@qt.io>
(cherry picked from qtbase/702be65532263bd52ad0b67235c112083120699e)
Reviewed-by: Tobias Hunger <tobias.hunger@qt.io>
| -rw-r--r-- | src/shared/proparser/qmakebuiltins.cpp | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/shared/proparser/qmakebuiltins.cpp b/src/shared/proparser/qmakebuiltins.cpp index 198a85c94c..102252fdaf 100644 --- a/src/shared/proparser/qmakebuiltins.cpp +++ b/src/shared/proparser/qmakebuiltins.cpp @@ -818,7 +818,8 @@ QMakeEvaluator::VisitReturn QMakeEvaluator::evaluateBuiltinExpand( if (args.count() < 1 || args.count() > 2) { evalError(fL1S("cat(file, singleline=true) requires one or two arguments.")); } else { - const QString &file = args.at(0).toQString(m_tmp1); + QString fn = resolvePath(m_option->expandEnvVars(args.at(0).toQString(m_tmp1))); + fn.detach(); bool blob = false; bool lines = false; @@ -833,7 +834,7 @@ QMakeEvaluator::VisitReturn QMakeEvaluator::evaluateBuiltinExpand( lines = true; } - QFile qfile(resolvePath(m_option->expandEnvVars(file))); + QFile qfile(fn); if (qfile.open(QIODevice::ReadOnly)) { QTextStream stream(&qfile); if (blob) { @@ -909,7 +910,7 @@ QMakeEvaluator::VisitReturn QMakeEvaluator::evaluateBuiltinExpand( lines = true; } int exitCode; - QByteArray bytes = getCommandOutput(args.at(0).toQString(m_tmp2), &exitCode); + QByteArray bytes = getCommandOutput(args.at(0).toQString(), &exitCode); if (args.count() > 2 && !args.at(2).isEmpty()) { m_valuemapStack.top()[args.at(2).toKey()] = ProStringList(ProString(QString::number(exitCode))); @@ -1703,7 +1704,7 @@ QMakeEvaluator::VisitReturn QMakeEvaluator::evaluateBuiltinConditional( #ifndef QT_BOOTSTRAPPED QProcess proc; proc.setProcessChannelMode(QProcess::ForwardedChannels); - runProcess(&proc, args.at(0).toQString(m_tmp2)); + runProcess(&proc, args.at(0).toQString()); return returnBool(proc.exitStatus() == QProcess::NormalExit && proc.exitCode() == 0); #else int ec = system((QLatin1String("cd ") @@ -1740,8 +1741,10 @@ QMakeEvaluator::VisitReturn QMakeEvaluator::evaluateBuiltinConditional( return ReturnTrue; int slsh = file.lastIndexOf(QLatin1Char('/')); QString fn = file.mid(slsh+1); + fn.detach(); if (fn.contains(QLatin1Char('*')) || fn.contains(QLatin1Char('?'))) { QString dirstr = file.left(slsh+1); + dirstr.detach(); if (!QDir(dirstr).entryList(QStringList(fn)).isEmpty()) return ReturnTrue; } @@ -1754,7 +1757,8 @@ QMakeEvaluator::VisitReturn QMakeEvaluator::evaluateBuiltinConditional( return ReturnFalse; } #ifdef PROEVALUATOR_FULL - const QString &fn = resolvePath(args.at(0).toQString(m_tmp1)); + QString fn = resolvePath(args.at(0).toQString(m_tmp1)); + fn.detach(); if (!QDir::current().mkpath(fn)) { evalError(fL1S("Cannot create directory %1.").arg(QDir::toNativeSeparators(fn))); return ReturnFalse; |