QLibrary: fix possible arg() format clobbering

The fileName could potentially contain the string "%n", n ≤ 5, in
which case the following .arg() calls would interpolate their
arguments at the wrong position.

Fix by interpolating fileName last.

Change-Id: I1a75a7671cbfe85ba3b2df240c3ef74482fc848d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
(cherry picked from commit 3636325946b471d48043540e309bf6f52be45331)
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Sona Kurazyan <sona.kurazyan@qt.io>

1 files changed, 3 insertions, 3 deletions

diff --git a/src/corelib/plugin/qlibrary.cpp b/src/corelib/plugin/qlibrary.cpp
index 4d38a19802..54c8b71203 100644
--- a/src/corelib/plugin/qlibrary.cpp
+++ b/src/corelib/plugin/qlibrary.cpp
@@ -806,12 +806,12 @@ void QLibraryPrivate::updatePluginState()
                  (qt_version&0xff0000) >> 16, (qt_version&0xff00) >> 8, qt_version&0xff,
                  debug ? "debug" : "release");
         }
-        errorString = QLibrary::tr("The plugin '%1' uses incompatible Qt library. (%2.%3.%4) [%5]")
-            .arg(fileName)
+        errorString = QLibrary::tr("The plugin '%5' uses incompatible Qt library. (%1.%2.%3) [%4]")
             .arg((qt_version&0xff0000) >> 16)
             .arg((qt_version&0xff00) >> 8)
             .arg(qt_version&0xff)
-            .arg(debug ? QLatin1String("debug") : QLatin1String("release"));
+            .arg(debug ? QLatin1String("debug") : QLatin1String("release"))
+            .arg(fileName);
 #ifndef QT_NO_DEBUG_PLUGIN_CHECK
     } else if(debug != QLIBRARY_AS_DEBUG) {
         //don't issue a qWarning since we will hopefully find a non-debug? --Sam