Crash with malformed datetime value

[Title] Crash with malformed datetime value.
[Issue#] N_SE-49068
[Problem] Crash once.
[Cause] Malformed value is passed to input picker.
[Solution] Check format tightly.

Change-Id: I3187a3d2c693a869bda9d74f837fb45f3b4e4ed7

diff --git a/Source/WebKit2/UIProcess/API/efl/tizen/InputPicker.cpp b/Source/WebKit2/UIProcess/API/efl/tizen/InputPicker.cpp
index 4f4dc41..75ba53f 100755 (executable)
--- a/Source/WebKit2/UIProcess/API/efl/tizen/InputPicker.cpp
+++ b/Source/WebKit2/UIProcess/API/efl/tizen/InputPicker.cpp
@@ -34,6 +34,8 @@
 extern void* EflAssistHandle;
 #endif
 
+const unsigned maxDatetimeLength = 32;
+
 #if OS(TIZEN) && ENABLE(TIZEN_INPUT_TAG_EXTENSION)
 
 #if ENABLE(TIZEN_HW_MORE_BACK_KEY)
@@ -116,6 +118,8 @@ InputPicker::~InputPicker()
 
 void InputPicker::show(Ewk_Input_Type inputType, const char* inputValue)
 {
+    TIZEN_SECURE_LOGI("input value: %s", inputValue);
+
     if(inputType == EWK_INPUT_TYPE_DATE)
         ewk_date_popup(inputValue);
     else if(inputType == EWK_INPUT_TYPE_TIME)
@@ -599,16 +603,25 @@ void InputPicker::ewk_date_popup(const char* inputValue)
     Evas_Object* win = parent;
 
     if (inputValue && strlen(inputValue)) {
-        char tmpinputValue[30] = {0,};
-
-        sprintf(tmpinputValue, "%s", inputValue);
-        strcpy(dateStr.year, strtok(tmpinputValue,"-"));
-        strcpy(dateStr.mon, strtok(0, "-"));
-        strcpy(dateStr.day, strtok(0, "-"));
-
-        currentTime->tm_year = atoi(dateStr.year);
-        currentTime->tm_mon = atoi(dateStr.mon);
-        currentTime->tm_mday = atoi(dateStr.day);
+        char tmpinputValue[maxDatetimeLength] = { 0, };
+
+        snprintf(tmpinputValue, maxDatetimeLength, "%s", inputValue);
+        char* token = strtok(tmpinputValue,"-");
+        if (token)
+            strcpy(dateStr.year, token);
+        token = strtok(0, "-");
+        if (token)
+            strcpy(dateStr.mon, token);
+        token = strtok(0, "-");
+        if (token)
+            strcpy(dateStr.day, token);
+
+        if (dateStr.year)
+            currentTime->tm_year = atoi(dateStr.year);
+        if (dateStr.mon)
+            currentTime->tm_mon = atoi(dateStr.mon);
+        if (dateStr.day)
+            currentTime->tm_mday = atoi(dateStr.day);
 
         currentTime->tm_year = currentTime->tm_year - 1900;
         currentTime->tm_mon = currentTime->tm_mon - 1;
@@ -786,16 +799,19 @@ void InputPicker::ewk_week_popup(const char* inputValue)
     Evas_Object* win = parent;
 
     if (inputValue && strlen(inputValue)) {
-        char tmpinputValue[30] = {0,};
+        char tmpinputValue[maxDatetimeLength] = { 0, };
 
-        sprintf(tmpinputValue, "%s", inputValue);
-        strcpy(dateStr.year, strtok(tmpinputValue,"-"));
+        snprintf(tmpinputValue, maxDatetimeLength, "%s", inputValue);
+        char* token = strtok(tmpinputValue,"-");
+        if (token)
+            strcpy(dateStr.year, token);
         const char* week = strstr(inputValue, "W");
         int weekNum = 1;
-        if (week)
+        if (week + 1)
             weekNum = atoi(week + 1);
 
-        currentTime->tm_year = atoi(dateStr.year);
+        if (dateStr.year)
+            currentTime->tm_year = atoi(dateStr.year);
         currentTime->tm_year = currentTime->tm_year - 1900;
 
         struct tm firtTimeOfyear;
@@ -899,14 +915,20 @@ void InputPicker::ewk_time_popup(const char* inputValue)
     Evas_Object* win = parent;
 
     if (inputValue && strlen(inputValue)) {
-        char tmpinputValue[30] = {0,};
-
-        sprintf(tmpinputValue, "%s", inputValue);
-        strcpy(dateStr.hour, strtok(tmpinputValue,":"));
-        strcpy(dateStr.min, strtok(0, ":"));
-
-        currentTime->tm_hour = atoi(dateStr.hour);
-        currentTime->tm_min = atoi(dateStr.min);
+        char tmpinputValue[maxDatetimeLength] = { 0, };
+
+        snprintf(tmpinputValue, maxDatetimeLength, "%s", inputValue);
+        char* token = strtok(tmpinputValue,":");
+        if (token)
+            strcpy(dateStr.hour, token);
+        token = strtok(0, ":");
+        if (token)
+            strcpy(dateStr.min, token);
+
+        if (dateStr.hour)
+            currentTime->tm_hour = atoi(dateStr.hour);
+        if (dateStr.min)
+            currentTime->tm_min = atoi(dateStr.min);
     }
 
     if (m_pickerLayout) {
@@ -984,14 +1006,20 @@ void InputPicker::ewk_month_popup(const char* inputValue)
     Evas_Object* win = parent;
 
     if (inputValue && strlen(inputValue)) {
-        char tmpInputValue[30] = {0,};
+        char tmpInputValue[maxDatetimeLength] = { 0, };
 
-        sprintf(tmpInputValue, "%s", inputValue);
-        strcpy(dateStr.year, strtok(tmpInputValue,"-"));
-        strcpy(dateStr.mon, strtok(0, "-"));
+        snprintf(tmpInputValue, maxDatetimeLength, "%s", inputValue);
+        char* token = strtok(tmpInputValue,"-");
+        if (token)
+            strcpy(dateStr.year, token);
+        token = strtok(0, "-");
+        if (token)
+            strcpy(dateStr.mon, token);
 
-        currentTime->tm_year = atoi(dateStr.year);
-        currentTime->tm_mon = atoi(dateStr.mon);
+        if (dateStr.year)
+            currentTime->tm_year = atoi(dateStr.year);
+        if (dateStr.mon)
+            currentTime->tm_mon = atoi(dateStr.mon);
 
         currentTime->tm_year = currentTime->tm_year - 1900;
         currentTime->tm_mon = currentTime->tm_mon - 1;
@@ -1072,24 +1100,42 @@ void InputPicker::ewk_datetime_popup(const char* inputValue, bool local)
     Evas_Object* win = parent;
 
     if (inputValue && strlen(inputValue)) {
-        char tmpInputValue[30] = {0, };
-
-        sprintf(tmpInputValue, "%s", inputValue);
-        strcpy(dateStr.year, strtok(tmpInputValue,"-"));
-        strcpy(dateStr.mon, strtok(0, "-"));
-        strcpy(dateStr.day, strtok(0, "T"));
-        strcpy(dateStr.hour, strtok(0, ":"));
-
-        if (local)
-            strcpy(dateStr.min, strtok(0, "Z"));
-        else
-            strcpy(dateStr.min, strtok(0, ":"));
+        char tmpInputValue[maxDatetimeLength] = { 0, };
+
+        snprintf(tmpInputValue, maxDatetimeLength, "%s", inputValue);
+        char* token = strtok(tmpInputValue,"-");
+        if (token)
+            strcpy(dateStr.year, token);
+        token = strtok(0, "-");
+        if (token)
+            strcpy(dateStr.mon, token);
+        token = strtok(0, "T");
+        if (token)
+            strcpy(dateStr.day, token);
+        token = strtok(0, ":");
+        if (token)
+            strcpy(dateStr.hour, token);
+
+        if (local) {
+            token = strtok(0, "Z");
+            if (token)
+                strcpy(dateStr.min, token);
+        } else {
+            token = strtok(0, ":");
+            if (token)
+                strcpy(dateStr.min, token);
+        }
 
-        currentTime->tm_year = atoi(dateStr.year);
-        currentTime->tm_mon = atoi(dateStr.mon);
-        currentTime->tm_mday = atoi(dateStr.day);
-        currentTime->tm_hour = atoi(dateStr.hour);
-        currentTime->tm_min = atoi(dateStr.min);
+        if (dateStr.year)
+            currentTime->tm_year = atoi(dateStr.year);
+        if (dateStr.mon)
+            currentTime->tm_mon = atoi(dateStr.mon);
+        if (dateStr.day)
+            currentTime->tm_mday = atoi(dateStr.day);
+        if (dateStr.hour)
+            currentTime->tm_hour = atoi(dateStr.hour);
+        if (dateStr.min)
+            currentTime->tm_min = atoi(dateStr.min);
 
         currentTime->tm_year = currentTime->tm_year - 1900;
         currentTime->tm_mon = currentTime->tm_mon - 1;