From 6359b98bae185bbf5e3667570de54c7edeffb63c Mon Sep 17 00:00:00 2001
From: Alexandre Lision <alexandre.lision@gmail.com>
Date: Wed, 1 Apr 2015 19:42:45 -0400
Subject: [PATCH] vcard: trivial test for malformatted URL

OSX can add custom fields which could cause array overflows
(e.g: item1.X-ABADR:ca)

Refs #68376
---
 src/private/vcardutils.cpp | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/private/vcardutils.cpp b/src/private/vcardutils.cpp
index c484fbf9..f2d80524 100644
--- a/src/private/vcardutils.cpp
+++ b/src/private/vcardutils.cpp
@@ -130,13 +130,19 @@ struct VCardMapper {
    void addAddress(Person* c, const QString& key, const QByteArray& fn) {
       Person::Address* addr = new Person::Address();
       QList<QByteArray> fields = fn.split(VCardUtils::Delimiter::SEPARATOR_TOKEN[0]);
+      QStringList keyFields = key.split(VCardUtils::Delimiter::SEPARATOR_TOKEN);
 
-      addr->setType        (key.split(VCardUtils::Delimiter::SEPARATOR_TOKEN)[1] );
-      addr->setAddressLine (QString::fromUtf8(fields[2])                         );
-      addr->setCity        (QString::fromUtf8(fields[3])                         );
-      addr->setState       (QString::fromUtf8(fields[4])                         );
-      addr->setZipCode     (QString::fromUtf8(fields[5])                         );
-      addr->setCountry     (QString::fromUtf8(fields[6])                         );
+      if(keyFields.size() < 2 || fields.size() < 7) {
+          qDebug() << "Malformatted Address";
+          return;
+      }
+
+      addr->setType        (keyFields[1]                   );
+      addr->setAddressLine (QString::fromUtf8(fields[2])   );
+      addr->setCity        (QString::fromUtf8(fields[3])   );
+      addr->setState       (QString::fromUtf8(fields[4])   );
+      addr->setZipCode     (QString::fromUtf8(fields[5])   );
+      addr->setCountry     (QString::fromUtf8(fields[6])   );
 
       c->addAddress(addr);
    }
-- 
GitLab