qWarning() and similar functions expect a format string as first
parameter.
When the message is built with QString's formatting, you should not pass the result as first parameter,
but use the "%s" format instead. It's very difficult to exploit, but it might lead
to format string vulnerabilities.
Signed-off-by: Manuel Nickschas <sputnick@quassel-irc.org>
// ok, create our version.gen now
QFile gen(target);
if(!gen.open(QIODevice::WriteOnly | QIODevice::Text)) {
// ok, create our version.gen now
QFile gen(target);
if(!gen.open(QIODevice::WriteOnly | QIODevice::Text)) {
- qFatal(QString("Could not write %1!").arg(target).toAscii());
+ qFatal("%s", qPrintable(QString("Could not write %1!").arg(target)));
return 255;
}
gen.write(QString("quasselGeneratedVersion = \"%1\";\n"
return 255;
}
gen.write(QString("quasselGeneratedVersion = \"%1\";\n"
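Review bot: The `return 255;` after the changed `qFatal` call is not reached when Qt's default message handler is in use, because qFatal aborts the process after printing. The tool would then end with an abort rather than exit status 255, which a build script checking the return code may not expect. If the exit code is the intended contract, log at a non-fatal level and keep the return: `qCritical("%s", qPrintable(QString("Could not write %1!").arg(target)));`. The enclosing function starts and ends outside this section.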
//! Signal handler for graceful shutdown.
void handle_signal(int sig) {
//! Signal handler for graceful shutdown.
void handle_signal(int sig) {
- qWarning(QString("Caught signal %1 - exiting.").arg(sig).toAscii());
+ qWarning("%s", qPrintable(QString("Caught signal %1 - exiting.").arg(sig)));
QCoreApplication::quit();
}
QCoreApplication::quit();
}
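Review bot: The new `qWarning` line in `handle_signal` still builds a QString and formats it in signal context, and neither that nor `QCoreApplication::quit()` is async-signal-safe. Assuming this function is installed as a Unix signal handler (the registration is not visible here), a signal arriving while the interrupted code holds the allocator lock can deadlock the process instead of shutting it down. The handler should do nothing but pass the signal number to the event loop, for example by writing one byte to a socketpair that a QSocketNotifier watches, with the warning and the quit() call moved into the notifier's slot.

```cpp
void handle_signal(int sig) {
  // Only async-signal-safe work here: pass the signal number to the event loop.
  // signalFd is a constructed name for a socketpair created at startup.
  char b = static_cast<char>(sig);
  ssize_t r = ::write(signalFd[0], &b, sizeof(b));
  (void)r;
}
// … a QSocketNotifier on signalFd[1] reads the byte, logs the warning and calls QCoreApplication::quit() …
```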
bool Core::startListening(uint port) {
if(!server.listen(QHostAddress::Any, port)) {
bool Core::startListening(uint port) {
if(!server.listen(QHostAddress::Any, port)) {
- qWarning(qPrintable(QString("Could not open GUI client port %1: %2").arg(port).arg(server.errorString())));
+ qWarning("%s", qPrintable(QString("Could not open GUI client port %1: %2").arg(port).arg(server.errorString())));
return false;
}
qDebug() << "Listening for GUI clients on port" << server.serverPort();
return false;
}
qDebug() << "Listening for GUI clients on port" << server.serverPort();
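Review bot: The warning in `Core::startListening` could use the stream form that the `qDebug()` line two statements below already uses, which has no format parameter at all and so cannot reintroduce this class of bug: `qWarning() << "Could not open GUI client port" << port << ":" << server.errorString();`. The output changes slightly, since the stream inserts spaces and quotes QString values. The same rewrite would fit the other `qWarning("%s", qPrintable(...))` calls on this page that run in normal (non-signal) context.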
if(s[pos+1] == 'D') code += s[pos+2];
FormatType ftype = formatType(code);
if(ftype == Invalid) {
if(s[pos+1] == 'D') code += s[pos+2];
FormatType ftype = formatType(code);
if(ftype == Invalid) {
- qWarning(qPrintable(QString("Invalid format code in string: %1").arg(s)));
+ qWarning("%s", qPrintable(QString("Invalid format code in string: %1").arg(s)));
continue;
}
//Q_ASSERT(ftype != Invalid);
continue;
}
//Q_ASSERT(ftype != Invalid);
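Review bot: The `Invalid format code` warning still writes `s` to the log verbatim, so once the format specifier is fixed the remaining exposure is the content of `s` itself. If `s` can carry text that originates outside the process (not visible from this section), embedded newlines or terminal control characters would reach the log, and a string with many bad codes produces one warning per code because of the `continue`. Consider logging a bounded, escaped form, for example `.arg(s.left(kMaxLogged))` with a project-chosen limit (`kMaxLogged` is a placeholder name), and warning once per string. The enclosing loop starts and ends outside this section.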