authorGravatar K. \"pestophagous\" Heller <pestophagous@gmail.com>2015-12-03 21:42:23 -0800
committerGravatar Dirk Hohndel <dirk@hohndel.org>2015-12-06 09:37:07 -0800
commite4c7c6e8eb302cc21c1f643b397ae03c82b03f4b (patch)
treecc679cafac4314e2a4770e868b01101bb6fd21f0
parent27ea07992836076ebb0718e29ee01f5a9e418bfa (diff)
Prevent gaschange tank icons from using garbage coords.
Tank icons were shown at incorrect spots on the profile when the DiveEventItem object held a pointer to a struct event even after the struct event at that address had been freed. When internalEvent is a pointer to freed memory, internalEvent->time.seconds could have all kinds of crazy values, which get used in member function DiveEventItem::recalculatePos to place the tank at bad x coordinates. The DiveEventItem(s) no longer store a pointer to memory that they do not own. This way, no matter how the path of execution arrives into slot recalculatePos, we never need fear that the DiveEventItem will dereference a garbage pointer to a struct event. Fixes #968 Signed-off-by: K. Heller <pestophagous@gmail.com> Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r--dive.c20
-rw-r--r--dive.h1
-rw-r--r--qt-ui/profile/diveeventitem.cpp8
-rw-r--r--qt-ui/profile/diveeventitem.h1
4 files changed, 26 insertions, 4 deletions
diff --git a/dive.c b/dive.c
index 2ae84ca1e..976c30328 100644
--- a/dive.c
+++ b/dive.c
@@ -525,6 +525,22 @@ void selective_copy_dive(struct dive *s, struct dive *d, struct dive_components
}
#undef CONDITIONAL_COPY_STRING
+struct event *clone_event(const struct event *src_ev)
+{
+ struct event *ev;
+ if (!src_ev)
+ return NULL;
+
+ size_t size = sizeof(*src_ev) + strlen(src_ev->name) + 1;
+ ev = (struct event*) malloc(size);
+ if (!ev)
+ exit(1);
+ memcpy(ev, src_ev, size);
+ ev->next = NULL;
+
+ return ev;
+}
+
/* copies all events in this dive computer */
void copy_events(struct divecomputer *s, struct divecomputer *d)
{
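Review bot: clone_event() has no comment saying who owns its result, which matters because this commit exists to fix a lifetime bug. The visible code returns a malloc'ed copy with `next` cleared, or NULL for a NULL argument, so I would add above the definition `/* Returns a malloc'ed, unlinked copy of src_ev (NULL if src_ev is NULL); the caller owns it and must free() it. */`. The size passed to `memcpy` assumes `name` is stored inline at the end of `struct event`; the struct definition is not visible here, so that is worth stating in the same comment. Separately, `exit(1)` on allocation failure ends the process with no message, and logging the failure before exiting would make it diagnosable.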
@@ -534,9 +550,7 @@ void copy_events(struct divecomputer *s, struct divecomputer *d)
ev = s->events;
pev = &d->events;
while (ev != NULL) {
- int size = sizeof(*ev) + strlen(ev->name) + 1;
- struct event *new_ev = malloc(size);
- memcpy(new_ev, ev, size);
+ struct event *new_ev = clone_event(ev);
*pev = new_ev;
pev = &new_ev->next;
ev = ev->next;
diff --git a/dive.h b/dive.h
index cef1106fd..ccb12e9be 100644
--- a/dive.h
+++ b/dive.h
@@ -725,6 +725,7 @@ extern int split_dive(struct dive *);
extern struct dive *merge_dives(struct dive *a, struct dive *b, int offset, bool prefer_downloaded);
extern struct dive *try_to_merge(struct dive *a, struct dive *b, bool prefer_downloaded);
extern void renumber_dives(int start_nr, bool selected_only);
+extern struct event *clone_event(const struct event *src_ev);
extern void copy_events(struct divecomputer *s, struct divecomputer *d);
extern void free_events(struct event *ev);
extern void copy_cylinders(struct dive *s, struct dive *d, bool used_only);
diff --git a/qt-ui/profile/diveeventitem.cpp b/qt-ui/profile/diveeventitem.cpp
index 0bbc84267..083c8b5b8 100644
--- a/qt-ui/profile/diveeventitem.cpp
+++ b/qt-ui/profile/diveeventitem.cpp
@@ -19,6 +19,10 @@ DiveEventItem::DiveEventItem(QObject *parent) : DivePixmapItem(parent),
setFlag(ItemIgnoresTransformations);
}
+DiveEventItem::~DiveEventItem()
+{
+ free(internalEvent);
+}
void DiveEventItem::setHorizontalAxis(DiveCartesianAxis *axis)
{
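Review bot: The new destructor calls `free(internalEvent)` unconditionally, which is only safe if the constructor initializes `internalEvent` to NULL. The constructor's initializer list starts in the hunk header and the rest of it is outside the visible lines, so this cannot be confirmed from here. If the member is not already initialized, add `internalEvent(NULL)` to the initializer list; otherwise an item destroyed before any setEvent() call would pass an indeterminate pointer to free(). The same precondition applies to the `free(internalEvent)` added in setEvent() in the next hunk.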
@@ -48,7 +52,9 @@ void DiveEventItem::setEvent(struct event *ev)
{
if (!ev)
return;
- internalEvent = ev;
+
+ free(internalEvent);
+ internalEvent = clone_event(ev);
setupPixmap();
setupToolTipString();
recalculatePos(true);
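Review bot: The `free(internalEvent)` added to setEvent() will leave dangling any pointer a caller got earlier from getEvent(), which the header still declares as returning `struct event *`. getEvent()'s body is not visible, but it presumably hands out `internalEvent`, so the use-after-free this commit removes could reappear on the caller side. I would document the lifetime at the declaration, for example `// returns the item's private copy; valid only until the next setEvent() or destruction`, and check that no caller keeps the result. The item now holds a snapshot, so later changes to the original event are not seen until setEvent() is called again. setEvent()'s body may continue past the last line of the hunk.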
diff --git a/qt-ui/profile/diveeventitem.h b/qt-ui/profile/diveeventitem.h
index f358fee6d..9d6ad5d26 100644
--- a/qt-ui/profile/diveeventitem.h
+++ b/qt-ui/profile/diveeventitem.h
@@ -11,6 +11,7 @@ class DiveEventItem : public DivePixmapItem {
Q_OBJECT
public:
DiveEventItem(QObject *parent = 0);
+ virtual ~DiveEventItem();
void setEvent(struct event *ev);
struct event *getEvent();
void eventVisibilityChanged(const QString &eventName, bool visible);