From 04642fc42a4c8cd748ce973a8883a5097540722d Mon Sep 17 00:00:00 2001
From: John Ralls <jralls@ceridwen.us>
Date: Fri, 27 Oct 2017 09:39:02 -0700
Subject: [PATCH] [SQL] Check return of string_to_guid, bail if false.

---
 libgnucash/backend/sql/gnc-owner-sql.cpp           | 14 ++++++++------
 libgnucash/backend/sql/gnc-slots-sql.cpp           |  4 ++--
 .../backend/sql/gnc-sql-column-table-entry.cpp     |  4 ++--
 .../backend/sql/gnc-sql-column-table-entry.hpp     | 12 +++++++-----
 libgnucash/backend/sql/gnc-transaction-sql.cpp     |  5 +++--
 5 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/libgnucash/backend/sql/gnc-owner-sql.cpp b/libgnucash/backend/sql/gnc-owner-sql.cpp
index 443ab1a2fd..258768951c 100644
--- a/libgnucash/backend/sql/gnc-owner-sql.cpp
+++ b/libgnucash/backend/sql/gnc-owner-sql.cpp
@@ -58,10 +58,10 @@ GncSqlColumnTableEntryImpl<CT_OWNERREF>::load (const GncSqlBackend* sql_be,
     GncOwnerType type;
     GncGUID guid;
     GncOwner owner;
-    GncGUID* pGuid = NULL;
+    GncGUID* pGuid = nullptr;
 
-    g_return_if_fail (sql_be != NULL);
-    g_return_if_fail (pObject != NULL);
+    g_return_if_fail (sql_be != nullptr);
+    g_return_if_fail (pObject != nullptr);
 
     auto book = sql_be->book();
     auto buf = std::string{m_col_name} + "_type";
@@ -70,14 +70,16 @@ GncSqlColumnTableEntryImpl<CT_OWNERREF>::load (const GncSqlBackend* sql_be,
         type = static_cast<decltype(type)>(row.get_int_at_col (buf.c_str()));
         buf = std::string{m_col_name} + "_guid";
         auto val = row.get_string_at_col (buf.c_str());
-        string_to_guid (val.c_str(), &guid);
-        pGuid = &guid;
+        if (string_to_guid (val.c_str(), &guid))
+            pGuid = &guid;
     }
     catch (std::invalid_argument)
     {
         return;
     }
-
+    if (type == GNC_OWNER_NONE || pGuid == nullptr)
+        return;
+    
     switch (type)
     {
     case GNC_OWNER_CUSTOMER:
diff --git a/libgnucash/backend/sql/gnc-slots-sql.cpp b/libgnucash/backend/sql/gnc-slots-sql.cpp
index 2e8cee7256..79cc038a9a 100644
--- a/libgnucash/backend/sql/gnc-slots-sql.cpp
+++ b/libgnucash/backend/sql/gnc-slots-sql.cpp
@@ -711,8 +711,8 @@ gnc_sql_slots_delete (GncSqlBackend* sql_be, const GncGUID* guid)
                     col_table[guid_val_col];
                 GncGUID child_guid;
                 auto val = row.get_string_at_col (table_row->name());
-                (void)string_to_guid (val.c_str(), &child_guid);
-                gnc_sql_slots_delete (sql_be, &child_guid);
+                if (string_to_guid (val.c_str(), &child_guid))
+                    gnc_sql_slots_delete (sql_be, &child_guid);
             }
             catch (std::invalid_argument)
             {
diff --git a/libgnucash/backend/sql/gnc-sql-column-table-entry.cpp b/libgnucash/backend/sql/gnc-sql-column-table-entry.cpp
index 7b5d9bc614..3f3bf52da8 100644
--- a/libgnucash/backend/sql/gnc-sql-column-table-entry.cpp
+++ b/libgnucash/backend/sql/gnc-sql-column-table-entry.cpp
@@ -338,8 +338,8 @@ GncSqlColumnTableEntryImpl<CT_GUID>::load (const GncSqlBackend* sql_be,
     {
         return;
     }
-    (void)string_to_guid (str.c_str(), &guid);
-    set_parameter(pObject, &guid, get_setter(obj_name), m_gobj_param_name);
+    if (string_to_guid (str.c_str(), &guid))
+        set_parameter(pObject, &guid, get_setter(obj_name), m_gobj_param_name);
 }
 
 template<> void
diff --git a/libgnucash/backend/sql/gnc-sql-column-table-entry.hpp b/libgnucash/backend/sql/gnc-sql-column-table-entry.hpp
index 887d457465..d86fbfc0be 100644
--- a/libgnucash/backend/sql/gnc-sql-column-table-entry.hpp
+++ b/libgnucash/backend/sql/gnc-sql-column-table-entry.hpp
@@ -168,11 +168,13 @@ public:
             {
                 GncGUID guid;
                 auto val = row.get_string_at_col (m_col_name);
-                (void)string_to_guid (val.c_str(), &guid);
-                auto target = get_ref(&guid);
-                if (target != nullptr)
-                    set_parameter (pObject, target, get_setter(obj_name),
-                                   m_gobj_param_name);
+                if (string_to_guid (val.c_str(), &guid))
+                {
+                    auto target = get_ref(&guid);
+                    if (target != nullptr)
+                        set_parameter (pObject, target, get_setter(obj_name),
+                                       m_gobj_param_name);
+                }
             }
             catch (std::invalid_argument) {}
         }
diff --git a/libgnucash/backend/sql/gnc-transaction-sql.cpp b/libgnucash/backend/sql/gnc-transaction-sql.cpp
index c5627a8418..5fc8a43aac 100644
--- a/libgnucash/backend/sql/gnc-transaction-sql.cpp
+++ b/libgnucash/backend/sql/gnc-transaction-sql.cpp
@@ -1308,8 +1308,9 @@ GncSqlColumnTableEntryImpl<CT_TXREF>::load (const GncSqlBackend* sql_be,
     {
         auto val = row.get_string_at_col (m_col_name);
         GncGUID guid;
-        (void)string_to_guid (val.c_str(), &guid);
-        auto tx = xaccTransLookup (&guid, sql_be->book());
+        Transaction *tx = nullptr;
+        if (string_to_guid (val.c_str(), &guid))
+            tx = xaccTransLookup (&guid, sql_be->book());
 
         // If the transaction is not found, try loading it
         if (tx == nullptr)