From 9148c2b010dd1aa4f5ebffc531d72cbc58af4cea Mon Sep 17 00:00:00 2001
From: Edward Welbourne <edward.welbourne@qt.io>
Date: Tue, 13 Apr 2021 14:22:00 +0200
Subject: Make POSIX transition rule parser more robust
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The POSIX rule parser used by QTzTimeZonePrivate recklessly assumed
that, if splitting the rule on a dot produced more than one part, it
necessarily produced at least three. That's true for well-formed POSIX
rules, but we should catch the case of malformed rules.

Likewise, when calculating the dates of transitions, splitting the
date rule on dots might produce too few fragments; and the fragments
might not parse as valid numbers, or might be out of range for their
respective fields in a date. Check all these cases, too.

Added a test that crashed previously. Changed
QTimeZone::offsetFromUtc() so that its "return zero on invalid"
applies also to the case where the backend returns invalid, in
support of this.

Fixes: QTBUG-92808
Change-Id: Ica383a7a987465483341bdef8dcfd42edb6b43d6
Reviewed-by: Andrei Golubev <andrei.golubev@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Robert Löhning <robert.loehning@qt.io>
(cherry picked from commit 964f91fd25a59654905c5a68d3cbccedab9ebb5a)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
---
 tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'tests')

diff --git a/tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp b/tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp
index bb6a264de6..741adeaa14 100644
--- a/tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp
+++ b/tests/auto/corelib/time/qtimezone/tst_qtimezone.cpp
@@ -63,6 +63,7 @@ private Q_SLOTS:
     void isValidId_data();
     void isValidId();
     void serialize();
+    void malformed();
     // Backend tests
     void utcTest();
     void icuTest();
@@ -957,6 +958,21 @@ void tst_QTimeZone::serialize()
         QSKIP("No serialization enabled");
 }
 
+void tst_QTimeZone::malformed()
+{
+    // Regression test for QTBUG-92808
+    // Strings that look enough like a POSIX zone specifier that the constructor
+    // accepts them, but the specifier is invalid.
+    // Must not crash or trigger assertions when calling offsetFromUtc()
+    const QDateTime now = QDateTime::currentDateTime();
+    QTimeZone barf("QUT4tCZ0 , /");
+    if (barf.isValid())
+        barf.offsetFromUtc(now);
+    barf = QTimeZone("QtC+09,,MA");
+    if (barf.isValid())
+        barf.offsetFromUtc(now);
+}
+
 void tst_QTimeZone::utcTest()
 {
 #ifdef QT_BUILD_INTERNAL
-- 
cgit v1.2.3