From e880948d73ba06f7af7df7829ae82aeaab17786b Mon Sep 17 00:00:00 2001 From: Berthold Stoeger Date: Sat, 17 Feb 2018 12:33:40 +0100 Subject: Cleanup: return copied string from hashstring() The following statement in the hashstring() function: return hashOf[QString(filename)].toHex().data(); returns data of the temporary QByteArray generated by toHex(). Thus, the caller will access released memory, which could lead to data corruption. Signed-off-by: Berthold Stoeger --- core/qthelper.cpp | 2 +- core/save-xml.c | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/core/qthelper.cpp b/core/qthelper.cpp index 03dd56637..af0db074c 100644 --- a/core/qthelper.cpp +++ b/core/qthelper.cpp @@ -1071,7 +1071,7 @@ QHash thumbnailCache; extern "C" char * hashstring(const char *filename) { QMutexLocker locker(&hashOfMutex); - return hashOf[QString(filename)].toHex().data(); + return strdup(hashOf[QString(filename)].toHex().data()); } const QString hashfile_name() diff --git a/core/save-xml.c b/core/save-xml.c index 0fdd4df79..2a1b31d12 100644 --- a/core/save-xml.c +++ b/core/save-xml.c @@ -435,8 +435,10 @@ static void save_picture(struct membuffer *b, struct picture *pic) put_degrees(b, pic->latitude, " gps='", " "); put_degrees(b, pic->longitude, "", "'"); } - if (hashstring(pic->filename)) - put_format(b, " hash='%s'", hashstring(pic->filename)); + char *hash = hashstring(pic->filename); + if (!empty_string(hash)) + put_format(b, " hash='%s'", hash); + free(hash); put_string(b, "/>\n"); } -- cgit v1.2.3-70-g09d2