EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Critical bug in SBB - crashed our application

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#36032
Posted: 02/29/2016 03:28:57
by Bogdan H. (Standard support level)
Joined: 04/03/2014
Posts: 10

Hi there,

There is a critical bug in SBUtils.pas DateTimeAddYears when, on 29th Feb of a leap year it tries to use SysUtils.EncodeDate to encode an invalid date (adds one year to current date -> that results in 29th Feb of next year which does not exist).

This totally crashed our application and caused a lot of support headache.

I am surprised this kind of bug was not caught until now.
#36033
Posted: 02/29/2016 03:31:16
by Alexander Ionov (EldoS Corp.)

Thank you very much for the report.

We are very sorry for this problem. It affects only VCL edition of SecureBlackbox and appears only today. Tomorrow, even not fixed applications will work as usual.

Here are the fixed code:
Code
function DateTimeIsLeapYear(Year: Integer): Boolean;
begin
  Result := (Year mod 4 = 0) and ((Year mod 100 <> 0) or (Year mod 400 = 0));
end;

function DateTimeAddYears(DateTime: TElDateTime; Years: Integer): TElDateTime;
var
  Year, Month, Day: Word;
begin
  DecodeDate(DateTime, Year, Month, Day);
  Inc(Year, Years);
  if (Month = 2) and (Day = 29) and not DateTimeIsLeapYear(Year) then
    Day := 28;
  Result := EncodeDate(Year, Month, Day) + Frac(DateTime);
end;


It's needed to replace the SBUtils.DateTimeAddYears function with the fixed one and rebuild BaseBBox package and your program.


--
Best regards,
Alexander Ionov
#36035
Posted: 02/29/2016 03:46:37
by Jürgen Scheid (Standard support level)
Joined: 06/21/2007
Posts: 1

Can you provide a patched compiled version of Secure BlackBox ?
#36036
Posted: 02/29/2016 03:49:41
by K.K.Tsang  (Standard support level)
Joined: 12/07/2015
Posts: 2

Currently, I used the functionality in form of libsbb.dll.

Is it possible for me to compile my own library and include the fix? There is no source code in the download.
#36038
Posted: 02/29/2016 04:09:09
by Alexander Ionov (EldoS Corp.)

Quote
Jürgen Scheid wrote:
Can you provide a patched compiled version of Secure BlackBox ?

Yes, we're preparing it right now.


--
Best regards,
Alexander Ionov
#36051
Posted: 02/29/2016 06:56:48
by Alexander Otstavnov (Standard support level)
Joined: 08/08/2011
Posts: 2

How long does it take to prepare compiled version?
#36052
Posted: 02/29/2016 07:07:11
by Ken Ivanov (EldoS Corp.)

C++ edition for Windows have just been updated. Please download the updated version from here.

We are sorry for making you wait.
#36053
Posted: 02/29/2016 07:28:59
by Alexander Otstavnov (Standard support level)
Joined: 08/08/2011
Posts: 2

I use pre-compiled version of SBB.
#36054
Posted: 02/29/2016 07:37:49
by Ken Ivanov (EldoS Corp.)

Alexander,

All VCL edition packages are nearly there. We are sorry for keeping you waiting.

Ken
#36057
Posted: 02/29/2016 08:11:37
by Ken Ivanov (EldoS Corp.)

Hi there,

All VCL packages are available on the web site at their standard location.

Please disregard the displayed version numbers at the moment (they are old), we will update them shortly.
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 3905 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!