Fix an assertion crash on a device with invalid keys

It is a profoundly invalid case when a tracked device has either an empty id or invalid/inexistent keys. Previously there was a Q_ASSERT guarding that; arguably, it's better to just clean away that kind of stuff from the database if it's encountered, and continue operating.
quotient-im · Sep 22, 2024 · 4b2e394 · 4b2e394
1 parent 8db3d43
commit 4b2e394
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/Quotient/connectionencryptiondata_p.cpp b/Quotient/connectionencryptiondata_p.cpp
@@ -131,15 +131,15 @@ void ConnectionEncryptionData::saveDevicesList()
     auto query = database.prepareQuery(u"DELETE FROM tracked_users"_s);
     database.execute(query);
     query.prepare(u"INSERT INTO tracked_users(matrixId) VALUES(:matrixId);"_s);
-    for (const auto& user : trackedUsers) {
+    for (const auto& user : std::as_const(trackedUsers)) {
         query.bindValue(u":matrixId"_s, user);
         database.execute(query);
     }
 
     query.prepare(u"DELETE FROM outdated_users"_s);
     database.execute(query);
     query.prepare(u"INSERT INTO outdated_users(matrixId) VALUES(:matrixId);"_s);
-    for (const auto& user : outdatedUsers) {
+    for (const auto& user : std::as_const(outdatedUsers)) {
         query.bindValue(u":matrixId"_s, user);
         database.execute(query);
     }
@@ -153,22 +153,28 @@ void ConnectionEncryptionData::saveDevicesList()
             database.prepareQuery(u"DELETE FROM tracked_devices WHERE matrixId=:matrixId;"_s);
         deleteQuery.bindValue(u":matrixId"_s, user);
         database.execute(deleteQuery);
-        for (const auto& device : devices) {
+        for (const auto& device : std::as_const(devices)) {
             const auto keys = device.keys.asKeyValueRange();
             deleteQuery.prepare(
                 u"DELETE FROM tracked_devices WHERE matrixId=:matrixId AND deviceId=:deviceId;"_s);
             deleteQuery.bindValue(u":matrixId"_s, user);
             deleteQuery.bindValue(u":deviceId"_s, device.deviceId);
             database.execute(deleteQuery);
 
+            if (device.deviceId.isEmpty()) {
+                qCCritical(E2EE) << "Clearing an invalid tracked device record with empty deviceId";
+                continue;
+            }
             const auto curveKeyIt = std::ranges::find_if(keys, [](const auto& p) {
                 return p.first.startsWith("curve"_L1);
             });
-            Q_ASSERT(curveKeyIt != keys.end());
             const auto edKeyIt = std::ranges::find_if(keys, [](const auto& p) {
                 return p.first.startsWith("ed"_L1);
             });
-            Q_ASSERT(edKeyIt != keys.end());
+            if (curveKeyIt == keys.end() || edKeyIt == keys.end()) {
+                qCCritical(E2EE) << "Clearing an invalid tracked device record due to keys missing";
+                continue;
+            }
 
             query.bindValue(u":matrixId"_s, user);
             query.bindValue(u":deviceId"_s, device.deviceId);