author | Lubomir I. Ivanov <neolit123@gmail.com> | 2018-06-19 03:59:33 +0300 |
---|---|---|
committer | Dirk Hohndel <dirk@hohndel.org> | 2018-06-20 09:30:58 +0900 |
commit | 06a870c232513aca96a624535d648a6e7c098e5f (patch) | |
tree | e6ed0b467310dec2ccbf1e4c6b83d026564fc4cf | |
parent | 769aca9e956cd4bb7cc97be813968348f5e7f3d2 (diff) | |
download | subsurface-06a870c232513aca96a624535d648a6e7c098e5f.tar.gz |
equipment: sanitize 'ws_info' loop limits
Instead of a constant or a macro for the maximum
number of 'ws_info' elements the 100 literal was used.
Define MAX_WS_INFO in dive.h and use it everywhere.
Also clamp loops that iterate `ws_info' to MAX_WS_INFO.
Prevents potential out-of-bounds reading, similarly to
the previous commit about 'tank_info'.
Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
-rw-r--r-- | core/dive.h | 3 | ||||
-rw-r--r-- | core/equipment.c | 6 | ||||
-rw-r--r-- | qt-models/weightmodel.cpp | 2 | ||||
-rw-r--r-- | qt-models/weightsysteminfomodel.cpp | 13 |
4 files changed, 12 insertions, 12 deletions
diff --git a/core/dive.h b/core/dive.h
index 326dfe54b..3ab270261 100644
--- a/core/dive.h
+++ b/core/dive.h
@@ -275,6 +275,7 @@ struct divecomputer {
 #define MAX_CYLINDERS (20)
 #define MAX_WEIGHTSYSTEMS (6)
 #define MAX_TANK_INFO (100)
+#define MAX_WS_INFO (100)
 #define W_IDX_PRIMARY 0
 #define W_IDX_SECONDARY 1
@@ -944,7 +945,7 @@ struct ws_info_t {
 const char *name;
 int grams;
 };
-extern struct ws_info_t ws_info[100];
+extern struct ws_info_t ws_info[MAX_WS_INFO];
 extern bool cylinder_nodata(const cylinder_t *cyl);
 extern bool cylinder_none(void *_data);
diff --git a/core/equipment.c b/core/equipment.c
index aca58ba77..0df62e332 100644
--- a/core/equipment.c
+++ b/core/equipment.c
@@ -43,13 +43,13 @@ void add_weightsystem_description(weightsystem_t *weightsystem)
 desc = weightsystem->description;
 if (!desc)
 return;
- for (i = 0; i < 100 && ws_info[i].name != NULL; i++) {
+ for (i = 0; i < MAX_WS_INFO && ws_info[i].name != NULL; i++) {
 if (strcmp(ws_info[i].name, desc) == 0) {
 ws_info[i].grams = weightsystem->weight.grams;
 return;
 }
 }
- if (i < 100) {
+ if (i < MAX_WS_INFO) {
 // FIXME: leaked on exit
 ws_info[i].name = strdup(desc);
 ws_info[i].grams = weightsystem->weight.grams;
@@ -181,7 +181,7 @@ struct tank_info_t tank_info[100] = {
 * We hardcode the most common weight system types
 * This is a bit odd as the weight system types don't usually encode weight
 */
-struct ws_info_t ws_info[100] = {
+struct ws_info_t ws_info[MAX_WS_INFO] = {
 { QT_TRANSLATE_NOOP("gettextFromC", "integrated"), 0 },
 { QT_TRANSLATE_NOOP("gettextFromC", "belt"), 0 },
 { QT_TRANSLATE_NOOP("gettextFromC", "ankle"), 0 },
diff --git a/qt-models/weightmodel.cpp b/qt-models/weightmodel.cpp
index 77114eaea..b8e9ffa5d 100644
--- a/qt-models/weightmodel.cpp
+++ b/qt-models/weightmodel.cpp
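Review bot: In core/equipment.c, `add_weightsystem_description()` can still store a new entry in the last element, because `if (i < MAX_WS_INFO)` accepts `i == MAX_WS_INFO - 1`; once that happens the table has no `name == NULL` terminator left. Every reader then depends entirely on its own bound check, and the qt-models loops changed in this same commit test `name` before they test the bound. Keeping the final slot as a permanent sentinel, `if (i < MAX_WS_INFO - 1) {`, would keep the table terminated for sentinel-based readers as well. The function starts and ends outside this hunk.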
@@ -107,7 +107,7 @@ bool WeightModel::setData(const QModelIndex &index, const QVariant &value, int r
 if (!ws->description || gettextFromC::tr(ws->description) != vString) {
 // loop over translations to see if one matches
 int i = -1;
- while (ws_info[++i].name) {
+ while (ws_info[++i].name && i < MAX_WS_INFO) {
 if (gettextFromC::tr(ws_info[i].name) == vString) {
 ws->description = copy_string(ws_info[i].name);
 break;
diff --git a/qt-models/weightsysteminfomodel.cpp b/qt-models/weightsysteminfomodel.cpp
index f843c8ef0..f8d2905cf 100644
--- a/qt-models/weightsysteminfomodel.cpp
+++ b/qt-models/weightsysteminfomodel.cpp
@@ -79,8 +79,8 @@ const QString &WSInfoModel::biggerString() const
 WSInfoModel::WSInfoModel() : rows(-1)
 {
 setHeaderDataStrings(QStringList() << tr("Description") << tr("kg"));
- struct ws_info_t *info = ws_info;
- for (info = ws_info; info->name; info++, rows++) {
+ struct ws_info_t *info;
+ for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++) {
 QString wsInfoName = gettextFromC::tr(info->name);
 if (wsInfoName.count() > biggerEntry.count())
 biggerEntry = wsInfoName;
@@ -94,11 +94,11 @@ WSInfoModel::WSInfoModel() : rows(-1)
 void WSInfoModel::updateInfo()
 {
- struct ws_info_t *info = ws_info;
+ struct ws_info_t *info;
 beginRemoveRows(QModelIndex(), 0, this->rows);
 endRemoveRows();
 rows = -1;
- for (info = ws_info; info->name; info++, rows++) {
+ for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++) {
 QString wsInfoName = gettextFromC::tr(info->name);
 if (wsInfoName.count() > biggerEntry.count())
 biggerEntry = wsInfoName;
@@ -117,9 +117,8 @@ void WSInfoModel::update()
 endRemoveRows();
 rows = -1;
 }
- struct ws_info_t *info = ws_info;
- for (info = ws_info; info->name; info++, rows++)
- ;
+ struct ws_info_t *info;
+ for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++);
 if (rows > -1) {
 beginInsertRows(QModelIndex(), 0, rows);
 |
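Review bot: The new bound in qt-models/weightmodel.cpp is evaluated only after the element has already been read: in `while (ws_info[++i].name && i < MAX_WS_INFO)` the left operand dereferences `ws_info[MAX_WS_INFO]` when the table is full, so the one-past-the-end read this commit sets out to prevent remains. Put the limit first so `&&` short-circuits before the access: `while (++i < MAX_WS_INFO && ws_info[i].name) {`. The three loops in qt-models/weightsysteminfomodel.cpp (constructor, `updateInfo()`, `update()`) have the same operand order and want `for (info = ws_info; info < ws_info + MAX_WS_INFO && info->name; info++, rows++)`. The enclosing `setData()` body lies mostly outside the hunk.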
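Review bot: In `WSInfoModel::update()` the counting loop now ends in `rows++);`, which hides the empty body at the end of a long line; the removed version kept the `;` on a line of its own, and that form (or an explicit `{}`) is harder to misread as a header for the `if` that follows. The same bounded scan over `ws_info` is now written out three times in qt-models/weightsysteminfomodel.cpp, so a file-local helper that returns the number of populated entries would leave a single place where the bound has to be right. `update()` begins and ends outside the hunk.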