[gnome-tetravex] Sanitize inputs.
- From: Arnaud B. <arnaudb src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-tetravex] Sanitize inputs.
- Date: Fri, 11 Oct 2019 01:36:48 +0000 (UTC)
commit 3628435abb0f6ebfd026bae1cc6b07b622b64c1f
Author: Arnaud Bonatti <arnaud bonatti gmail com>
Date: Tue Sep 24 12:28:25 2019 +0200
Sanitize inputs.
Try hard to ensure history
strings are not corrupted.
Thanks Al Thomas for info.
meson.build | 1 +
src/history.vala | 34 ++++++++++++----------------------
2 files changed, 13 insertions(+), 22 deletions(-)
---
diff --git a/meson.build b/meson.build
index 69036cb..ac3b9bf 100644
--- a/meson.build
+++ b/meson.build
@@ -22,6 +22,7 @@ datadir = join_paths (get_option ('prefix'), get_option ('datadir'))
# Dependencies
glib_dep = dependency ('glib-2.0', version: '>= 2.40.0')
gtk_dep = dependency ('gtk+-3.0', version: '>= 3.14')
+# TODO build requires vala 0.46.3 for GLib vapi
appstream_util = find_program('appstream-util', required: false)
desktop_file_validate = find_program('desktop-file-validate', required: false)
diff --git a/src/history.vala b/src/history.vala
index aab7d41..157c054 100644
--- a/src/history.vala
+++ b/src/history.vala
@@ -135,38 +135,28 @@ private class History : Object
if (tokens.length != 3)
continue;
- DateTime? date = parse_date (tokens[0]);
+ DateTime? date = new DateTime.from_iso8601 (tokens [0], /* the entries should have a timezone */
null);
if (date == null)
continue;
- uint8 size = (uint8) int.parse (tokens[1]);
- uint duration = (uint) int.parse (tokens[2]);
+ uint64 test;
+ if (!uint64.try_parse (tokens [1], out test))
+ continue;
+ if (test < 2 || test > 6)
+ continue;
+ uint8 size = (uint8) test;
- // FIXME use try_parse
+ if (!uint64.try_parse (tokens [2], out test))
+ continue;
+ if (test > uint.MAX)
+ continue;
+ uint duration = (uint) test;
entries.prepend (new HistoryEntry ((!) date, size, duration));
}
entries.sort (HistoryEntry.compare_entries);
}
- private inline DateTime? parse_date (string date)
- {
- if (date.length < 19 || date[4] != '-' || date[7] != '-' || date[10] != 'T' || date[13] != ':' ||
date[16] != ':')
- return null;
-
- // FIXME use try_parse
-
- int year = int.parse (date.substring (0, 4));
- int month = int.parse (date.substring (5, 2));
- int day = int.parse (date.substring (8, 2));
- int hour = int.parse (date.substring (11, 2));
- int minute = int.parse (date.substring (14, 2));
- int seconds = int.parse (date.substring (17, 2));
- string timezone = date.substring (19);
-
- return new DateTime (new TimeZone (timezone), year, month, day, hour, minute, seconds);
- }
-
/*\
* * saving
\*/
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]