From e880948d73ba06f7af7df7829ae82aeaab17786b Mon Sep 17 00:00:00 2001
From: Berthold Stoeger <bstoeger@mail.tuwien.ac.at>
Date: Sat, 17 Feb 2018 12:33:40 +0100
Subject: Cleanup: return copied string from hashstring()

The following statement in the hashstring() function:
  return hashOf[QString(filename)].toHex().data();
returns data of the temporary QByteArray generated by toHex().
Thus, the caller will access released memory, which could lead to
data corruption.

Signed-off-by: Berthold Stoeger <bstoeger@mail.tuwien.ac.at>
---
 core/save-xml.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'core/save-xml.c')

diff --git a/core/save-xml.c b/core/save-xml.c
index 0fdd4df79..2a1b31d12 100644
--- a/core/save-xml.c
+++ b/core/save-xml.c
@@ -435,8 +435,10 @@ static void save_picture(struct membuffer *b, struct picture *pic)
 		put_degrees(b, pic->latitude, " gps='", " ");
 		put_degrees(b, pic->longitude, "", "'");
 	}
-	if (hashstring(pic->filename))
-		put_format(b, " hash='%s'", hashstring(pic->filename));
+	char *hash = hashstring(pic->filename);
+	if (!empty_string(hash))
+		put_format(b, " hash='%s'", hash);
+	free(hash);
 
 	put_string(b, "/>\n");
 }
-- 
cgit v1.2.3-70-g09d2