summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Lubomir I. Ivanov <neolit123@gmail.com>2013-12-10 22:53:02 +0200
committerGravatar Dirk Hohndel <dirk@hohndel.org>2013-12-10 22:35:13 +0100
commit643f4040368cd94d261cc286fb6263487fa2eedb (patch)
tree4c0c28ab588848bc2d42c5556eab77fa9f767396
parent5ebcc2d237ec42545b6bf21003dafc10358aeb31 (diff)
downloadsubsurface-643f4040368cd94d261cc286fb6263487fa2eedb.tar.gz
Divelogs.de: prevent undefined behaviour
prepare_dives_for_divelogs() did a silly thing, which I was responsible for. When populating 'tempfile' we benefit from QString, but then return a pointer to a local variable (char *) without alocating it on the heap. This resulted in undefined behavior, as we don't know the lifespan of that local memory on the stack. Patch fixes that by using strdup() and freeing the memory when/if needed. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com> Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
-rw-r--r--qt-ui/subsurfacewebservices.cpp12
1 files changed, 9 insertions, 3 deletions
diff --git a/qt-ui/subsurfacewebservices.cpp b/qt-ui/subsurfacewebservices.cpp
index a8421def9..b974191c7 100644
--- a/qt-ui/subsurfacewebservices.cpp
+++ b/qt-ui/subsurfacewebservices.cpp
@@ -115,15 +115,17 @@ static char *prepare_dives_for_divelogs(const bool selected)
/* generate a random filename and create/open that file with zip_open */
QString tempfileQ = QDir::tempPath() + "/import-" + QString::number(qrand() % 99999999) + ".dld";
- tempfile = tempfileQ.toLocal8Bit().data();
+ tempfile = strdup(tempfileQ.toLocal8Bit().data());
zip = zip_open(tempfile, ZIP_CREATE, NULL);
if (!zip) {
qDebug() << errPrefix << "cannot open file as zip";
+ free((void *)tempfile);
return NULL;
}
if (!amount_selected) {
qDebug() << errPrefix << "no dives selected";
+ free((void *)tempfile);
return NULL;
}
@@ -137,6 +139,7 @@ static char *prepare_dives_for_divelogs(const bool selected)
f = tmpfile();
if (!f) {
qDebug() << errPrefix << "cannot create temp file";
+ free((void *)tempfile);
return NULL;
}
save_dive(f, dive);
@@ -146,6 +149,7 @@ static char *prepare_dives_for_divelogs(const bool selected)
membuf = (char *)malloc(streamsize + 1);
if (!membuf || !fread(membuf, streamsize, 1, f)) {
qDebug() << errPrefix << "memory error";
+ free((void *)tempfile);
return NULL;
}
membuf[streamsize] = 0;
@@ -158,6 +162,7 @@ static char *prepare_dives_for_divelogs(const bool selected)
doc = xmlReadMemory(membuf, strlen(membuf), "divelog", NULL, 0);
if (!doc) {
qDebug() << errPrefix << "xml error";
+ free((void *)tempfile);
return NULL;
}
free((void *)membuf);
@@ -165,6 +170,7 @@ static char *prepare_dives_for_divelogs(const bool selected)
xslt = get_stylesheet("divelogs-export.xslt");
if (!xslt) {
qDebug() << errPrefix << "missing stylesheet";
+ free((void *)tempfile);
return NULL;
}
transformed = xsltApplyStylesheet(xslt, doc, NULL);
@@ -184,8 +190,6 @@ static char *prepare_dives_for_divelogs(const bool selected)
}
}
zip_close(zip);
- /* let's call this again */
- tempfile = tempfileQ.toLocal8Bit().data();
return tempfile;
}
@@ -554,9 +558,11 @@ void DivelogsDeWebServices::prepareDivesForUpload()
uploadDives((QIODevice *)&f);
f.close();
f.remove();
+ free((void *)filename);
return;
}
mainWindow()->showError(errorText.append(": ").append(filename));
+ free((void *)filename);
return;
}
mainWindow()->showError(errorText.append("!"));