summaryrefslogtreecommitdiffstats
path: root/parse-xml.c
diff options
context:
space:
mode:
authorGravatar Linus Torvalds <torvalds@linux-foundation.org>2015-11-02 18:03:01 -0800
committerGravatar Dirk Hohndel <dirk@hohndel.org>2015-12-06 09:00:55 -0800
commit3555361e4426a30c79aba5ff2dc7100ea852d325 (patch)
treeb45dcdfe71c17931a0c87659cad3bd8377cbca5d /parse-xml.c
parent77e259080fdd3effda23255e9f2fe95890880e76 (diff)
downloadsubsurface-3555361e4426a30c79aba5ff2dc7100ea852d325.tar.gz
Don't overflow cylinder array in xml parsing
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Diffstat (limited to 'parse-xml.c')
-rw-r--r--parse-xml.c56
1 files changed, 30 insertions, 26 deletions
diff --git a/parse-xml.c b/parse-xml.c
index 3d86222b9..93ce74305 100644
--- a/parse-xml.c
+++ b/parse-xml.c
@@ -1398,32 +1398,36 @@ static void try_to_fill_dive(struct dive *dive, const char *name, char *buf)
return;
if (MATCH("visibility.dive", get_rating, &dive->visibility))
return;
- if (MATCH("size.cylinder", cylindersize, &dive->cylinder[cur_cylinder_index].type.size))
- return;
- if (MATCH("workpressure.cylinder", pressure, &dive->cylinder[cur_cylinder_index].type.workingpressure))
- return;
- if (MATCH("description.cylinder", utf8_string, &dive->cylinder[cur_cylinder_index].type.description))
- return;
- if (MATCH("start.cylinder", pressure, &dive->cylinder[cur_cylinder_index].start))
- return;
- if (MATCH("end.cylinder", pressure, &dive->cylinder[cur_cylinder_index].end))
- return;
- if (MATCH("use.cylinder", cylinder_use, &dive->cylinder[cur_cylinder_index].cylinder_use))
- return;
- if (MATCH("description.weightsystem", utf8_string, &dive->weightsystem[cur_ws_index].description))
- return;
- if (MATCH("weight.weightsystem", weight, &dive->weightsystem[cur_ws_index].weight))
- return;
- if (MATCH("weight", weight, &dive->weightsystem[cur_ws_index].weight))
- return;
- if (MATCH("o2", gasmix, &dive->cylinder[cur_cylinder_index].gasmix.o2))
- return;
- if (MATCH("o2percent", gasmix, &dive->cylinder[cur_cylinder_index].gasmix.o2))
- return;
- if (MATCH("n2", gasmix_nitrogen, &dive->cylinder[cur_cylinder_index].gasmix))
- return;
- if (MATCH("he", gasmix, &dive->cylinder[cur_cylinder_index].gasmix.he))
- return;
+ if (cur_ws_index < MAX_WEIGHTSYSTEMS) {
+ if (MATCH("description.weightsystem", utf8_string, &dive->weightsystem[cur_ws_index].description))
+ return;
+ if (MATCH("weight.weightsystem", weight, &dive->weightsystem[cur_ws_index].weight))
+ return;
+ if (MATCH("weight", weight, &dive->weightsystem[cur_ws_index].weight))
+ return;
+ }
+ if (cur_cylinder_index < MAX_CYLINDERS) {
+ if (MATCH("size.cylinder", cylindersize, &dive->cylinder[cur_cylinder_index].type.size))
+ return;
+ if (MATCH("workpressure.cylinder", pressure, &dive->cylinder[cur_cylinder_index].type.workingpressure))
+ return;
+ if (MATCH("description.cylinder", utf8_string, &dive->cylinder[cur_cylinder_index].type.description))
+ return;
+ if (MATCH("start.cylinder", pressure, &dive->cylinder[cur_cylinder_index].start))
+ return;
+ if (MATCH("end.cylinder", pressure, &dive->cylinder[cur_cylinder_index].end))
+ return;
+ if (MATCH("use.cylinder", cylinder_use, &dive->cylinder[cur_cylinder_index].cylinder_use))
+ return;
+ if (MATCH("o2", gasmix, &dive->cylinder[cur_cylinder_index].gasmix.o2))
+ return;
+ if (MATCH("o2percent", gasmix, &dive->cylinder[cur_cylinder_index].gasmix.o2))
+ return;
+ if (MATCH("n2", gasmix_nitrogen, &dive->cylinder[cur_cylinder_index].gasmix))
+ return;
+ if (MATCH("he", gasmix, &dive->cylinder[cur_cylinder_index].gasmix.he))
+ return;
+ }
if (MATCH("air.divetemperature", temperature, &dive->airtemp))
return;
if (MATCH("water.divetemperature", temperature, &dive->watertemp))