subsurface.git/smtk-import, branch v4.9.7

smtk-import: Workaround segfault in mdbtools memcpy call

2020-08-13T17:02:12Z

Smtk2ssrf has a segfault which matches quite well glibc's CVE-2019-6488 (except for the x32 part). It came from a call to memcpy in mdb_ole_read() func, used to get the header and the profile of a dive from the database. May be it could be fixed in libmdb but Mdbtools project has been stalled for the past 5 years so ... The segfault seems to be triggered by an empty profile in the first dive in the database (a pretty common case in older Aladin DCs due to their little memmory). The only special thing here is the fact it's the first dive in the database structure (not the first by its index). We can avoid the crash if we don't call mdb_ole_read_full() func on zero sized profile field. The problem here is we can't get the size of the fields and build the MdbColumn in the same roud. Happily we just need the MdbColumn struct for the dive profile and header. So, we can change the previous approach using MdbColumns through almost all functions to a simpler one using the already bounded strings by smtk_open_table() and just using the col[n]->bind_pointer in the main function where the columns are built to be used by mdb_ole_read_full(). Reported-by: Robert C. Helling Signed-off-by: Salvador Cuñat

build-system/MXE: build with more up to date MXE tools.

2020-06-25T18:00:51Z

- use hidapi grantlee and mdbtools from MXE - update MXE version to use QT 5.15, and pull in libzstd and CMake 3.17.3 - fix linking of winmm on windows build with new mxe - add some instructions on building the container - add some new dependancies from QT 5.15 to the packaging - add a patch to MXE to Build qtconnectivity with native-win32-bluetooth [Dirk Hohndel: small refactor] Signed-off-by: Paul Buxton Signed-off-by: Dirk Hohndel

cleanup: move dive_table from dive.h to divelist.h

2020-05-01T16:42:31Z

This allows us to decouple dive.h and divelist.h, a small step in include disentangling. Signed-off-by: Berthold Stoeger

[smtk-import] Fix useless NULL check and white space issues

2020-04-19T17:59:12Z

As commented by Berthold and Dirk for previous patches. Signed-off-by: Salvador Cuñat

[smtk-import] add some sanity checks

2020-04-19T17:59:12Z

Under some circustances values stored in this arrays may be NULL or even previously freed. Check them to avoid further crashes. Signed-off-by: Salvador Cuñat

[smtk-import] Do not create cylinders structure before libdc parsing

2020-04-19T17:59:12Z

The d->cylinders created will be overriden by libdivecomputer parsing, resulting in 0, 1 , may be 2 cylinders depending on DC data. This is not what we want when importing a divelog, because we will miss all hand entered tanks. BTW, using get_cylinder() on tank number bigger than created, results in a NULL pointer and a crash. As we can't foresee how many tanks (or even it's positional numbers in log) a diver has used, the full 10 tanks supported by SmarTrak can be easily created and parsed using get_or_create_cylinder(), and unused cleaned later. Signed-off-by: Salvador Cuñat

Grammar: replaces 'indexes' by 'indices'

2020-03-11T15:26:30Z

Grammar-nazi ran git grep -l 'indexes' | xargs sed -i '' -e 's/indexes/indices/g' to prevent future wincing when reading the source code. Unfortunatly, Qt itself is infected as in QModelIndexList QItemSelection::indexes() const Signed-off-by: Robert C. Helling

Cylinders: access cylinders with get_cylinder()

2019-11-09T18:19:04Z

Instead of accessing the cylinder table directly, use the get_cylinder() function. This gives less unwieldy expressions. But more importantly, the function does bound checking. This is crucial for now as the code hasn't be properly audited since the change to arbitrarily sized cylinder tables. Accesses of invalid cylinder indexes may lead to silent data-corruption that is sometimes not even noticed by valgrind. Returning NULL instead of an invalid pointer will make debugging much easier. Signed-off-by: Berthold Stoeger

Core: remove MAX_CYLINDERS restriction

2019-11-09T18:19:04Z

Instead of using fixed size arrays, use a new cylinder_table structure. The code copies the weightsystem code, but is significantly more complex because cylinders are such an integral part of the core. Two functions to access the cylinders were added: get_cylinder() and get_or_create_cylinder() The former does a simple array access and supposes that the cylinder exists. The latter is used by the parser(s) and if a cylinder with the given id does not exist, cylinders up to that id are generated. One point will make C programmers cringe: the cylinder structure is passed by value. This is due to the way the table-macros work. A refactoring of the table macros is planned. It has to be noted that the size of a cylinder_t is 64 bytes, i.e. 8 long words on a 64-bit architecture, so passing on the stack is probably not even significantly slower than passing as reference. Signed-off-by: Berthold Stoeger

Cleanup: move error reporting function declarations to errorhelper.h

2019-08-08T23:26:30Z

Move the declarations of the "report_error()" and "set_error_cb()" functions and the "verbose" variable to errorhelper.h. Thus, error-reporting translation units don't have to import the big dive.h header file. Signed-off-by: Berthold Stoeger