Cylinders: access cylinders with get_cylinder()

Instead of accessing the cylinder table directly, use the get_cylinder()
function. This gives less unwieldy expressions. But more importantly,
the function does bound checking. This is crucial for now as the code
hasn't be properly audited since the change to arbitrarily sized
cylinder tables. Accesses of invalid cylinder indexes may lead to
silent data-corruption that is sometimes not even noticed by
valgrind. Returning NULL instead of an invalid pointer will make
debugging much easier.

Signed-off-by: Berthold Stoeger <bstoeger@mail.tuwien.ac.at>

1 files changed, 3 insertions, 3 deletions

diff --git a/core/statistics.c b/core/statistics.c
index fa7985c90..7adffa2f0 100644
--- a/core/statistics.c
+++ b/core/statistics.c
@@ -334,7 +334,7 @@ bool is_cylinder_used(const struct dive *dive, int idx)
 	if (idx < 0 || idx >= dive->cylinders.nr)
 		return false;
 
-	cyl = &dive->cylinders.cylinders[idx];
+	cyl = get_cylinder(dive, idx);
 	if ((cyl->start.mbar - cyl->end.mbar) > SOME_GAS)
 		return true;
 
@@ -369,7 +369,7 @@ volume_t *get_gas_used(struct dive *dive)
 
 	volume_t *gases = malloc(dive->cylinders.nr * sizeof(volume_t));
 	for (idx = 0; idx < dive->cylinders.nr; idx++) {
-		cylinder_t *cyl = &dive->cylinders.cylinders[idx];
+		cylinder_t *cyl = get_cylinder(dive, idx);
 		pressure_t start, end;
 
 		start = cyl->start.mbar ? cyl->start : cyl->sample_start;
@@ -408,7 +408,7 @@ void selected_dives_gas_parts(volume_t *o2_tot, volume_t *he_tot)
 		for (j = 0; j < d->cylinders.nr; j++) {
 			if (diveGases[j].mliter) {
 				volume_t o2 = {}, he = {};
-				get_gas_parts(d->cylinders.cylinders[j].gasmix, diveGases[j], O2_IN_AIR, &o2, &he);
+				get_gas_parts(get_cylinder(d, j)->gasmix, diveGases[j], O2_IN_AIR, &o2, &he);
 				o2_tot->mliter += o2.mliter;
 				he_tot->mliter += he.mliter;
 			}