From ec8808c3020abbc436f1a2d90fecf3245fd6417b Mon Sep 17 00:00:00 2001 From: Edward Welbourne Date: Mon, 19 Apr 2021 13:30:19 +0200 Subject: [PATCH] Return early from QTimeZone constructor if alleged IANA ID is invalid If the ID isn't even valid, don't waste cycles trying to make sense of it as identifying a time-zone. Add test of an invalid ID that provoked an integer overflow on trying to parse it as a POSIX zone specification. Fixes: QTBUG-92842 Change-Id: Ib80bbb88c11c0484ce0358acabbdc25c5bd8e0b3 Reviewed-by: Thiago Macieira --- src/corelib/time/qtimezone.cpp | 3 +++ tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp | 3 +++ 2 files changed, 6 insertions(+) diff --git a/src/corelib/time/qtimezone.cpp b/src/corelib/time/qtimezone.cpp index 9ccb0e5f024..5a5cd1dd101 100644 --- a/src/corelib/time/qtimezone.cpp +++ b/src/corelib/time/qtimezone.cpp @@ -334,6 +334,9 @@ QTimeZone::QTimeZone() noexcept QTimeZone::QTimeZone(const QByteArray &ianaId) { + // If invalid (other than empty), reject immediately: + if (!ianaId.isEmpty() && !QTimeZonePrivate::isValidId(ianaId)) + return; // Try and see if it's a CLDR UTC offset ID - just as quick by creating as // by looking up. d = new QUtcTimeZonePrivate(ianaId); diff --git a/tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp b/tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp index 9c505e5baaf..13300cee683 100644 --- a/tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp +++ b/tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp @@ -1000,6 +1000,9 @@ void tst_QTimeZone::malformed() barf = QTimeZone("QtC+09,,MA"); if (barf.isValid()) QCOMPARE(barf.offsetFromUtc(now), 0); + barf = QTimeZone("UTCC+14:00,-,"); + if (barf.isValid()) + QCOMPARE(barf.daylightTimeOffset(now), -14 * 3600); } void tst_QTimeZone::utcTest()