EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Critical bug in SBB - crashed our application

Posted: 02/29/2016 03:28:57
by Bogdan H. (Standard support level)
Joined: 04/03/2014
Posts: 10

Hi there,

There is a critical bug in SBUtils.pas DateTimeAddYears when, on 29th Feb of a leap year it tries to use SysUtils.EncodeDate to encode an invalid date (adds one year to current date -> that results in 29th Feb of next year which does not exist).

This totally crashed our application and caused a lot of support headache.

I am surprised this kind of bug was not caught until now.
Posted: 02/29/2016 03:31:16
by Alexander Ionov (Team)

Thank you very much for the report.

We are very sorry for this problem. It affects only VCL edition of SecureBlackbox and appears only today. Tomorrow, even not fixed applications will work as usual.

Here are the fixed code:
function DateTimeIsLeapYear(Year: Integer): Boolean;
  Result := (Year mod 4 = 0) and ((Year mod 100 <> 0) or (Year mod 400 = 0));

function DateTimeAddYears(DateTime: TElDateTime; Years: Integer): TElDateTime;
  Year, Month, Day: Word;
  DecodeDate(DateTime, Year, Month, Day);
  Inc(Year, Years);
  if (Month = 2) and (Day = 29) and not DateTimeIsLeapYear(Year) then
    Day := 28;
  Result := EncodeDate(Year, Month, Day) + Frac(DateTime);

It's needed to replace the SBUtils.DateTimeAddYears function with the fixed one and rebuild BaseBBox package and your program.

Best regards,
Alexander Ionov
Posted: 02/29/2016 03:46:37
by Jürgen Scheid (Premium support level)
Joined: 06/21/2007
Posts: 1

Can you provide a patched compiled version of Secure BlackBox ?
Posted: 02/29/2016 03:49:41
by K.K.Tsang  (Standard support level)
Joined: 12/07/2015
Posts: 2

Currently, I used the functionality in form of libsbb.dll.

Is it possible for me to compile my own library and include the fix? There is no source code in the download.
Posted: 02/29/2016 04:09:09
by Alexander Ionov (Team)

Jürgen Scheid wrote:
Can you provide a patched compiled version of Secure BlackBox ?

Yes, we're preparing it right now.

Best regards,
Alexander Ionov
Posted: 02/29/2016 06:56:48
by Alexander Otstavnov (Standard support level)
Joined: 08/08/2011
Posts: 2

How long does it take to prepare compiled version?
Posted: 02/29/2016 07:07:11
by Ken Ivanov (Team)

C++ edition for Windows have just been updated. Please download the updated version from here.

We are sorry for making you wait.
Posted: 02/29/2016 07:28:59
by Alexander Otstavnov (Standard support level)
Joined: 08/08/2011
Posts: 2

I use pre-compiled version of SBB.
Posted: 02/29/2016 07:37:49
by Ken Ivanov (Team)


All VCL edition packages are nearly there. We are sorry for keeping you waiting.

Posted: 02/29/2016 08:11:37
by Ken Ivanov (Team)

Hi there,

All VCL packages are available on the web site at their standard location.

Please disregard the displayed version numbers at the moment (they are old), we will update them shortly.



Topic viewed 8360 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!