From 9eab948fb19f41ba81d2a3ae4d5323929af77cea Mon Sep 17 00:00:00 2001
From: James Crook
Date: Tue, 7 Aug 2018 11:46:21 +0100
Subject: [PATCH] Bug 1905 - Labels with more than 260 characters fail to load (with no warning)
---
 src/LabelTrack.cpp | 3 ++-
 src/xml/XMLTagHandler.cpp | 8 ++++++++
 src/xml/XMLTagHandler.h | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/LabelTrack.cpp b/src/LabelTrack.cpp
index 96e6a9b1e..27c5a0ed0 100644
--- a/src/LabelTrack.cpp
+++ b/src/LabelTrack.cpp
@@ -2327,7 +2327,8 @@ bool LabelTrack::HandleXMLTag(const wxChar *tag, const wxChar **attrs)
 break;
 const wxString strValue = value;
- if (!XMLValueChecker::IsGoodString(strValue))
+ // Bug 1905 was about long label strings.
+ if (!XMLValueChecker::IsGoodLongString(strValue))
 {
 return false;
 }
diff --git a/src/xml/XMLTagHandler.cpp b/src/xml/XMLTagHandler.cpp
index 9321b8b2f..29d0de5f6 100644
--- a/src/xml/XMLTagHandler.cpp
+++ b/src/xml/XMLTagHandler.cpp
@@ -39,6 +39,7 @@
 #include "../SampleFormat.h"
 #include "../Track.h"
+// Length check. Is in part about not supplying malicious strings to file functions.
 bool XMLValueChecker::IsGoodString(const wxString & str)
 {
 size_t len = str.Length();
@@ -50,6 +51,13 @@ bool XMLValueChecker::IsGoodString(const wxString & str)
 return false; // good place for a breakpoint
 }
+// No length check, as e.g. labels could be very long.
+bool XMLValueChecker::IsGoodLongString(const wxString & str)
+{
+ return str.Find('\0', false) == -1; // No null characters except terminator.
+}
+
+
 // "Good" means the name is well-formed and names an existing file or folder.
 bool XMLValueChecker::IsGoodFileName(const wxString & strFileName, const wxString & strDirName /* = "" */)
 {
diff --git a/src/xml/XMLTagHandler.h b/src/xml/XMLTagHandler.h
index 6b3c1724e..9767eb27f 100644
--- a/src/xml/XMLTagHandler.h
+++ b/src/xml/XMLTagHandler.h
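Review bot: The failure path in `LabelTrack::HandleXMLTag` (src/LabelTrack.cpp) still drops the tag silently: if `IsGoodLongString` rejects `strValue`, `return false;` gives the user no indication that a label was not loaded, which is the no-warning symptom the commit title names. A message before the return, for example `wxLogWarning(wxT("Label attribute rejected while loading project"));`, would surface it, assuming wx logging is already available in this file, which the hunk does not show. The added comment could also record why the weaker checker is acceptable here, e.g. `// Label text is display data only; it must never be passed to file functions.`, if that holds for every attribute this check covers. The body of HandleXMLTag starts and ends outside the hunk.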
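Review bot: `XMLValueChecker::IsGoodLongString` (src/xml/XMLTagHandler.cpp, second hunk) accepts a string of any length, so a project file from an untrusted source decides how much label text is kept in memory and later drawn. A generous explicit bound would keep the fix for Bug 1905 while still rejecting absurd input, e.g. `return str.Length() <= kMaxLabelChars && str.Find('\0', false) == wxNOT_FOUND;`, where `kMaxLabelChars` is a placeholder for a limit the project would choose. The NUL test may also be vacuous for the caller in LabelTrack.cpp: there the wxString appears to be built from a `const wxChar *`, and such a conversion stops at the first NUL, so this function would return true for every value; that is worth confirming. Comparing against `wxNOT_FOUND` rather than the literal `-1` states the intent of `Find` directly.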
@@ -30,6 +30,8 @@ public:
 // These are used in HandleXMLTag and BuildFomXML methods to check the input for
 // security vulnerabilites, per the NGS report for UmixIt.
 static bool IsGoodString(const wxString & str);
+ // Labels are allowed to be very long. At some future date we will format long labels nicely.
+ static bool IsGoodLongString(const wxString & str);
 static bool IsGoodFileName(const wxString & strFileName, const wxString & strDirName = wxEmptyString);
 static bool IsGoodFileString(const wxString &str);
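Review bot: The comment on the new `IsGoodLongString` declaration says only that labels may be long, while the block above it presents these checkers as the defence against vulnerabilities in project input; it does not tell a caller what the function still guarantees or where it must not be used. I would replace it with `// Like IsGoodString but with no length limit; checks only for embedded NULs.` followed by `// Use only for display text such as labels, never for strings that reach file functions.` The class body starts and ends outside the hunk.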