[PATCH] tankinfomodel.cpp: clamp row index to [0 - MAX_TANK_INFO]

Tue, 13 Jun 2017 15:46:09 -0700 

From: "Lubomir I. Ivanov" <neolit...@gmail.com>

MAX_TANK_INFO is a new macro in dive.h to define the
maximum number of tank_info_t objects.

TankInfoModel's data() and setData() now check for valid
row indexes before accessing the tank_info[] array directly.

Without this patch TankInfoMode::data() can cause a SIGSEGV.

Reported-by: Pedro Neves <nevesdi...@gmail.com>
Signed-off-by: Lubomir I. Ivanov <neolit...@gmail.com>
---

sesm to only happen for Perdo's log (45MB).

i don't know the underlying cause - i.e. why QModelIndex returns
a value of >99.

maybe Tomaz can find the underlying bug?
---
 core/dive.h                 | 3 ++-
 qt-models/tankinfomodel.cpp | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/core/dive.h b/core/dive.h
index c65d3ff..2565b4a 100644
--- a/core/dive.h
+++ b/core/dive.h
@@ -296,6 +296,7 @@ struct divecomputer {
 
 #define MAX_CYLINDERS (20)
 #define MAX_WEIGHTSYSTEMS (6)
+#define MAX_TANK_INFO (100)
 #define W_IDX_PRIMARY 0
 #define W_IDX_SECONDARY 1
 
@@ -923,7 +924,7 @@ struct tank_info_t {
        const char *name;
        int cuft, ml, psi, bar;
 };
-extern struct tank_info_t tank_info[100];
+extern struct tank_info_t tank_info[MAX_TANK_INFO];
 
 struct ws_info_t {
        const char *name;
diff --git a/qt-models/tankinfomodel.cpp b/qt-models/tankinfomodel.cpp
index 75303d8..97f0e80 100644
--- a/qt-models/tankinfomodel.cpp
+++ b/qt-models/tankinfomodel.cpp
@@ -28,6 +28,10 @@ bool TankInfoModel::setData(const QModelIndex &index, const 
QVariant &value, int
 {
        //WARN Seems wrong, we need to check for role == Qt::EditRole
        Q_UNUSED(role);
+
+       if (index.row() < 0 || index.row() > MAX_TANK_INFO - 1)
+               return false;
+
        struct tank_info_t *info = &tank_info[index.row()];
        switch (index.column()) {
        case DESCRIPTION:
@@ -51,7 +55,7 @@ void TankInfoModel::clear()
 QVariant TankInfoModel::data(const QModelIndex &index, int role) const
 {
        QVariant ret;
-       if (!index.isValid()) {
+       if (!index.isValid() || index.row() < 0 || index.row() > MAX_TANK_INFO 
- 1) {
                return ret;
        }
        if (role == Qt::FontRole) {
-- 
1.7.11.msysgit.0

_______________________________________________
subsurface mailing list
subsurface@subsurface-divelog.org
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface

Reply via email to