From cdc2a0f72334268684e0407e9b04b3188e00d4bf Mon Sep 17 00:00:00 2001 From: Oswald Buddenhagen Date: Wed, 5 Feb 2014 21:26:37 +0100 Subject: [PATCH] fix raw data leak in $$sprintf() it could be only triggered by abusing the function (no expansion actually done), and nobody is using this to start with, but still ... Change-Id: I3d4a23ae4d1eea07955572d8213094e0dc218f6d Reviewed-by: Daniel Teske --- src/shared/proparser/qmakebuiltins.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/proparser/qmakebuiltins.cpp b/src/shared/proparser/qmakebuiltins.cpp index 12cc2ffd9c9..d51b476d8d3 100644 --- a/src/shared/proparser/qmakebuiltins.cpp +++ b/src/shared/proparser/qmakebuiltins.cpp @@ -508,7 +508,7 @@ ProStringList QMakeEvaluator::evaluateBuiltinExpand( QString tmp = args.at(0).toQString(m_tmp1); for (int i = 1; i < args.count(); ++i) tmp = tmp.arg(args.at(i).toQString(m_tmp2)); - ret << ProString(tmp); + ret << (tmp.isSharedWith(m_tmp1) ? args.at(0) : ProString(tmp).setSource(args.at(0))); } break; case E_FORMAT_NUMBER: