diff options
| author |  K. \"pestophagous\" Heller <pestophagous@gmail.com> | 2015-12-03 21:42:23 -0800 |
|---|---|---|
| committer |  Dirk Hohndel <dirk@hohndel.org> | 2015-12-06 09:37:07 -0800 |
| commit | e4c7c6e8eb302cc21c1f643b397ae03c82b03f4b (patch) | |
| tree | cc679cafac4314e2a4770e868b01101bb6fd21f0 | |
| parent | 27ea07992836076ebb0718e29ee01f5a9e418bfa (diff) | |
| download | subsurface-e4c7c6e8eb302cc21c1f643b397ae03c82b03f4b.tar.gz | |
Prevent gaschange tank icons from using garbage coords.
Tank icons were shown at incorrect spots on the profile
when the DiveEventItem object held a pointer to a struct
event even after the struct event at that address had
been freed. When internalEvent is a pointer to freed
memory, internalEvent->time.seconds could have all kinds
of crazy values, which get used in member function
DiveEventItem::recalculatePos to place the tank at bad
x coordinates.
The DiveEventItem(s) no longer store a pointer to memory
that they do not own. This way, no matter how the path of
execution arrives into slot recalculatePos, we never need
fear that the DiveEventItem will dereference a garbage
pointer to a struct event.
Fixes #968
Signed-off-by: K. Heller <pestophagous@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
| -rw-r--r-- | dive.c | 20 | ||||
| -rw-r--r-- | dive.h | 1 | ||||
| -rw-r--r-- | qt-ui/profile/diveeventitem.cpp | 8 | ||||
| -rw-r--r-- | qt-ui/profile/diveeventitem.h | 1 |
4 files changed, 26 insertions, 4 deletions
@@ -525,6 +525,22 @@ void selective_copy_dive(struct dive *s, struct dive *d, struct dive_components } #undef CONDITIONAL_COPY_STRING +struct event *clone_event(const struct event *src_ev) +{ + struct event *ev; + if (!src_ev) + return NULL; + + size_t size = sizeof(*src_ev) + strlen(src_ev->name) + 1; + ev = (struct event*) malloc(size); + if (!ev) + exit(1); + memcpy(ev, src_ev, size); + ev->next = NULL; + + return ev; +} + /* copies all events in this dive computer */ void copy_events(struct divecomputer *s, struct divecomputer *d) { @@ -534,9 +550,7 @@ void copy_events(struct divecomputer *s, struct divecomputer *d) ev = s->events; pev = &d->events; while (ev != NULL) { - int size = sizeof(*ev) + strlen(ev->name) + 1; - struct event *new_ev = malloc(size); - memcpy(new_ev, ev, size); + struct event *new_ev = clone_event(ev); *pev = new_ev; pev = &new_ev->next; ev = ev->next; @@ -725,6 +725,7 @@ extern int split_dive(struct dive *); extern struct dive *merge_dives(struct dive *a, struct dive *b, int offset, bool prefer_downloaded); extern struct dive *try_to_merge(struct dive *a, struct dive *b, bool prefer_downloaded); extern void renumber_dives(int start_nr, bool selected_only); +extern struct event *clone_event(const struct event *src_ev); extern void copy_events(struct divecomputer *s, struct divecomputer *d); extern void free_events(struct event *ev); extern void copy_cylinders(struct dive *s, struct dive *d, bool used_only); diff --git a/qt-ui/profile/diveeventitem.cpp b/qt-ui/profile/diveeventitem.cpp index 0bbc84267..083c8b5b8 100644 --- a/qt-ui/profile/diveeventitem.cpp +++ b/qt-ui/profile/diveeventitem.cpp @@ -19,6 +19,10 @@ DiveEventItem::DiveEventItem(QObject *parent) : DivePixmapItem(parent), setFlag(ItemIgnoresTransformations); } +DiveEventItem::~DiveEventItem() +{ + free(internalEvent); +} void DiveEventItem::setHorizontalAxis(DiveCartesianAxis *axis) { @@ -48,7 +52,9 @@ void DiveEventItem::setEvent(struct event *ev) { if (!ev) return; - internalEvent = ev; + + free(internalEvent); + internalEvent = clone_event(ev); setupPixmap(); setupToolTipString(); recalculatePos(true); diff --git a/qt-ui/profile/diveeventitem.h b/qt-ui/profile/diveeventitem.h index f358fee6d..9d6ad5d26 100644 --- a/qt-ui/profile/diveeventitem.h +++ b/qt-ui/profile/diveeventitem.h @@ -11,6 +11,7 @@ class DiveEventItem : public DivePixmapItem { Q_OBJECT public: DiveEventItem(QObject *parent = 0); + virtual ~DiveEventItem(); void setEvent(struct event *ev); struct event *getEvent(); void eventVisibilityChanged(const QString &eventName, bool visible); |