[date/time] validate strings prior to taking substr()

author Jonathan Marshall <jmarshall@xbmc.org>

Thu, 14 Nov 2013 22:22:48 +0000 (11:22 +1300)

committer Jonathan Marshall <jmarshall@xbmc.org>

Fri, 15 Nov 2013 19:39:24 +0000 (08:39 +1300)
author Jonathan Marshall <jmarshall@xbmc.org>
Thu, 14 Nov 2013 22:22:48 +0000 (11:22 +1300)
committer Jonathan Marshall <jmarshall@xbmc.org>
Fri, 15 Nov 2013 19:39:24 +0000 (08:39 +1300)
diff --git a/xbmc/XBDateTime.cpp b/xbmc/XBDateTime.cpp

index 1d3f9b7..2e9411f 100644 (file)
--- a/xbmc/XBDateTime.cpp
+++ b/xbmc/XBDateTime.cpp
@@ -175,9 +175,12 @@ void CDateTimeSpan::SetDateTimeSpan(int day, int hour, int minute, int second)
  
  void CDateTimeSpan::SetFromTimeString(const CStdString& time) // hh:mm
  {
-  int hour    = atoi(time.substr(0, 2).c_str());
-  int minutes = atoi(time.substr(3, 2).c_str());
-  SetDateTimeSpan(0,hour,minutes,0);
+  if (time.size() >= 5 && time[2] == ':')
+  {
+    int hour    = atoi(time.substr(0, 2).c_str());
+    int minutes = atoi(time.substr(3, 2).c_str());
+    SetDateTimeSpan(0,hour,minutes,0);
+  }
  }
  
  int CDateTimeSpan::GetDays() const
@@ -706,7 +709,7 @@ void CDateTime::SetFromDateString(const CStdString &date)
    }
  
    size_t iPos2 = date.find(",");
-  CStdString strDay = date.substr(iPos, iPos2-iPos);
+  CStdString strDay = (date.size() >= iPos) ? date.substr(iPos, iPos2-iPos) : "";
    CStdString strYear = date.substr(date.find(" ", iPos2) + 1);
    while (months[j] && stricmp(strMonth.c_str(),months[j]) != 0)
      j++;
@@ -970,10 +973,12 @@ void CDateTime::SetFromDBDateTime(const CStdString &dateTime)
  
  void CDateTime::SetFromDBDate(const CStdString &date)
  {
+  if (date.size() < 10)
+    return;
    // assumes format:
    // YYYY-MM-DD or DD-MM-YYYY
    int year = 0, month = 0, day = 0;
-  if (date.size() > 2 && (date[2] == '-' || date[2] == '.'))
+  if (date[2] == '-' || date[2] == '.')
    {
      day = atoi(date.substr(0, 2).c_str());
      month = atoi(date.substr(3, 2).c_str());
@@ -990,6 +995,8 @@ void CDateTime::SetFromDBDate(const CStdString &date)
  
  void CDateTime::SetFromDBTime(const CStdString &time)
  {
+  if (time.size() < 8)
+    return;
    // assumes format:
    // HH:MM:SS
    int hour, minute, second;
diff --git a/xbmc/addons/GUIDialogAddonSettings.cpp b/xbmc/addons/GUIDialogAddonSettings.cpp

index 94b8f17..b61fe85 100644 (file)
--- a/xbmc/addons/GUIDialogAddonSettings.cpp
+++ b/xbmc/addons/GUIDialogAddonSettings.cpp
@@ -438,7 +438,7 @@ bool CGUIDialogAddonSettings::ShowVirtualKeyboard(int iControl)
          else if (strcmp(type, "time") == 0)
          {
            SYSTEMTIME timedate;
-          if (!value.empty())
+          if (value.size() >= 5)
            {
              // assumes HH:MM
              timedate.wHour = atoi(value.substr(0, 2).c_str());
diff --git a/xbmc/filesystem/RTVDirectory.cpp b/xbmc/filesystem/RTVDirectory.cpp

index c0e0468..7b2ffb3 100644 (file)
--- a/xbmc/filesystem/RTVDirectory.cpp
+++ b/xbmc/filesystem/RTVDirectory.cpp
@@ -190,22 +190,26 @@ bool CRTVDirectory::GetDirectory(const CStdString& strPath, CFileItemList &items
          if (recordedNode)
          {
            CStdString strRecorded = recordedNode->FirstChild()->Value();
-          int iYear, iMonth, iDay;
-
-          iYear = atoi(strRecorded.substr(0, 4).c_str());
-          iMonth = atoi(strRecorded.substr(5, 2).c_str());
-          iDay = atoi(strRecorded.substr(8, 2).c_str());
-          dtDateTime.wYear = iYear;
-          dtDateTime.wMonth = iMonth;
-          dtDateTime.wDay = iDay;
-
-          int iHour, iMin, iSec;
-          iHour = atoi(strRecorded.substr(11, 2).c_str());
-          iMin = atoi(strRecorded.substr(14, 2).c_str());
-          iSec = atoi(strRecorded.substr(17, 2).c_str());
-          dtDateTime.wHour = iHour;
-          dtDateTime.wMinute = iMin;
-          dtDateTime.wSecond = iSec;
+
+          if (strRecorded.size() >= 19)
+          {
+            /* TODO:STRING_CLEANUP */
+            int iYear, iMonth, iDay;
+            iYear = atoi(strRecorded.substr(0, 4).c_str());
+            iMonth = atoi(strRecorded.substr(5, 2).c_str());
+            iDay = atoi(strRecorded.substr(8, 2).c_str());
+            dtDateTime.wYear = iYear;
+            dtDateTime.wMonth = iMonth;
+            dtDateTime.wDay = iDay;
+
+            int iHour, iMin, iSec;
+            iHour = atoi(strRecorded.substr(11, 2).c_str());
+            iMin = atoi(strRecorded.substr(14, 2).c_str());
+            iSec = atoi(strRecorded.substr(17, 2).c_str());
+            dtDateTime.wHour = iHour;
+            dtDateTime.wMinute = iMin;
+            dtDateTime.wSecond = iSec;
+          }
          }
  
          // PATH
author	Jonathan Marshall <jmarshall@xbmc.org>
	Thu, 14 Nov 2013 22:22:48 +0000 (11:22 +1300)
committer	Jonathan Marshall <jmarshall@xbmc.org>
	Fri, 15 Nov 2013 19:39:24 +0000 (08:39 +1300)
xbmc/XBDateTime.cpp		patch \| blob \| history
xbmc/addons/GUIDialogAddonSettings.cpp		patch \| blob \| history
xbmc/filesystem/RTVDirectory.cpp		patch \| blob \| history