summaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorGravatar Lubomir I. Ivanov <neolit123@gmail.com>2018-06-19 03:59:33 +0300
committerGravatar Dirk Hohndel <dirk@hohndel.org>2018-06-20 09:30:58 +0900
commit06a870c232513aca96a624535d648a6e7c098e5f (patch)
treee6ed0b467310dec2ccbf1e4c6b83d026564fc4cf /core
parent769aca9e956cd4bb7cc97be813968348f5e7f3d2 (diff)
downloadsubsurface-06a870c232513aca96a624535d648a6e7c098e5f.tar.gz
equipment: sanitize 'ws_info' loop limits
Instead of a constant or a macro for the maximum number of 'ws_info' elements the 100 literal was used. Define MAX_WS_INFO in dive.h and use it everywhere. Also clamp loops that iterate `ws_info' to MAX_WS_INFO. Prevents potential out-of-bounds reading, similarly to the previous commit about 'tank_info'. Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Diffstat (limited to 'core')
-rw-r--r--core/dive.h3
-rw-r--r--core/equipment.c6
2 files changed, 5 insertions, 4 deletions
diff --git a/core/dive.h b/core/dive.h
index 326dfe54b..3ab270261 100644
--- a/core/dive.h
+++ b/core/dive.h
@@ -275,6 +275,7 @@ struct divecomputer {
#define MAX_CYLINDERS (20)
#define MAX_WEIGHTSYSTEMS (6)
#define MAX_TANK_INFO (100)
+#define MAX_WS_INFO (100)
#define W_IDX_PRIMARY 0
#define W_IDX_SECONDARY 1
@@ -944,7 +945,7 @@ struct ws_info_t {
const char *name;
int grams;
};
-extern struct ws_info_t ws_info[100];
+extern struct ws_info_t ws_info[MAX_WS_INFO];
extern bool cylinder_nodata(const cylinder_t *cyl);
extern bool cylinder_none(void *_data);
diff --git a/core/equipment.c b/core/equipment.c
index aca58ba77..0df62e332 100644
--- a/core/equipment.c
+++ b/core/equipment.c
@@ -43,13 +43,13 @@ void add_weightsystem_description(weightsystem_t *weightsystem)
desc = weightsystem->description;
if (!desc)
return;
- for (i = 0; i < 100 && ws_info[i].name != NULL; i++) {
+ for (i = 0; i < MAX_WS_INFO && ws_info[i].name != NULL; i++) {
if (strcmp(ws_info[i].name, desc) == 0) {
ws_info[i].grams = weightsystem->weight.grams;
return;
}
}
- if (i < 100) {
+ if (i < MAX_WS_INFO) {
// FIXME: leaked on exit
ws_info[i].name = strdup(desc);
ws_info[i].grams = weightsystem->weight.grams;
@@ -181,7 +181,7 @@ struct tank_info_t tank_info[100] = {
* We hardcode the most common weight system types
* This is a bit odd as the weight system types don't usually encode weight
*/
-struct ws_info_t ws_info[100] = {
+struct ws_info_t ws_info[MAX_WS_INFO] = {
{ QT_TRANSLATE_NOOP("gettextFromC", "integrated"), 0 },
{ QT_TRANSLATE_NOOP("gettextFromC", "belt"), 0 },
{ QT_TRANSLATE_NOOP("gettextFromC", "ankle"), 0 },