diff options
| author |  Berthold Stoeger <bstoeger@mail.tuwien.ac.at> | 2018-02-17 12:33:40 +0100 |
|---|---|---|
| committer |  Dirk Hohndel <dirk@hohndel.org> | 2018-02-17 11:06:30 -0800 |
| commit | e880948d73ba06f7af7df7829ae82aeaab17786b (patch) | |
| tree | 9c496ff4eb83a371a86bdd5c1762731c08cbcf43 /core | |
| parent | 88d0ce499d9638d98071c69590238a60d3fe9753 (diff) | |
| download | subsurface-e880948d73ba06f7af7df7829ae82aeaab17786b.tar.gz | |
Cleanup: return copied string from hashstring()
The following statement in the hashstring() function:
return hashOf[QString(filename)].toHex().data();
returns data of the temporary QByteArray generated by toHex().
Thus, the caller will access released memory, which could lead to
data corruption.
Signed-off-by: Berthold Stoeger <bstoeger@mail.tuwien.ac.at>
Diffstat (limited to 'core')
| -rw-r--r-- | core/qthelper.cpp | 2 | ||||
| -rw-r--r-- | core/save-xml.c | 6 |
2 files changed, 5 insertions, 3 deletions
diff --git a/core/qthelper.cpp b/core/qthelper.cpp index 03dd56637..af0db074c 100644 --- a/core/qthelper.cpp +++ b/core/qthelper.cpp @@ -1071,7 +1071,7 @@ QHash <QString, QImage > thumbnailCache; extern "C" char * hashstring(const char *filename) { QMutexLocker locker(&hashOfMutex); - return hashOf[QString(filename)].toHex().data(); + return strdup(hashOf[QString(filename)].toHex().data()); } const QString hashfile_name() diff --git a/core/save-xml.c b/core/save-xml.c index 0fdd4df79..2a1b31d12 100644 --- a/core/save-xml.c +++ b/core/save-xml.c @@ -435,8 +435,10 @@ static void save_picture(struct membuffer *b, struct picture *pic) put_degrees(b, pic->latitude, " gps='", " "); put_degrees(b, pic->longitude, "", "'"); } - if (hashstring(pic->filename)) - put_format(b, " hash='%s'", hashstring(pic->filename)); + char *hash = hashstring(pic->filename); + if (!empty_string(hash)) + put_format(b, " hash='%s'", hash); + free(hash); put_string(b, "/>\n"); } |