diff options
| author |  Lubomir I. Ivanov <neolit123@gmail.com> | 2018-06-19 03:59:33 +0300 |
|---|---|---|
| committer |  Dirk Hohndel <dirk@hohndel.org> | 2018-06-20 09:30:58 +0900 |
| commit | 06a870c232513aca96a624535d648a6e7c098e5f (patch) | |
| tree | e6ed0b467310dec2ccbf1e4c6b83d026564fc4cf /qt-models | |
| parent | 769aca9e956cd4bb7cc97be813968348f5e7f3d2 (diff) | |
| download | subsurface-06a870c232513aca96a624535d648a6e7c098e5f.tar.gz | |
equipment: sanitize 'ws_info' loop limits
Instead of a constant or a macro for the maximum
number of 'ws_info' elements the 100 literal was used.
Define MAX_WS_INFO in dive.h and use it everywhere.
Also clamp loops that iterate `ws_info' to MAX_WS_INFO.
Prevents potential out-of-bounds reading, similarly to
the previous commit about 'tank_info'.
Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Diffstat (limited to 'qt-models')
| -rw-r--r-- | qt-models/weightmodel.cpp | 2 | ||||
| -rw-r--r-- | qt-models/weightsysteminfomodel.cpp | 13 |
2 files changed, 7 insertions, 8 deletions
diff --git a/qt-models/weightmodel.cpp b/qt-models/weightmodel.cpp index 77114eaea..b8e9ffa5d 100644 --- a/qt-models/weightmodel.cpp +++ b/qt-models/weightmodel.cpp @@ -107,7 +107,7 @@ bool WeightModel::setData(const QModelIndex &index, const QVariant &value, int r if (!ws->description || gettextFromC::tr(ws->description) != vString) { // loop over translations to see if one matches int i = -1; - while (ws_info[++i].name) { + while (ws_info[++i].name && i < MAX_WS_INFO) { if (gettextFromC::tr(ws_info[i].name) == vString) { ws->description = copy_string(ws_info[i].name); break; diff --git a/qt-models/weightsysteminfomodel.cpp b/qt-models/weightsysteminfomodel.cpp index f843c8ef0..f8d2905cf 100644 --- a/qt-models/weightsysteminfomodel.cpp +++ b/qt-models/weightsysteminfomodel.cpp @@ -79,8 +79,8 @@ const QString &WSInfoModel::biggerString() const WSInfoModel::WSInfoModel() : rows(-1) { setHeaderDataStrings(QStringList() << tr("Description") << tr("kg")); - struct ws_info_t *info = ws_info; - for (info = ws_info; info->name; info++, rows++) { + struct ws_info_t *info; + for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++) { QString wsInfoName = gettextFromC::tr(info->name); if (wsInfoName.count() > biggerEntry.count()) biggerEntry = wsInfoName; @@ -94,11 +94,11 @@ WSInfoModel::WSInfoModel() : rows(-1) void WSInfoModel::updateInfo() { - struct ws_info_t *info = ws_info; + struct ws_info_t *info; beginRemoveRows(QModelIndex(), 0, this->rows); endRemoveRows(); rows = -1; - for (info = ws_info; info->name; info++, rows++) { + for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++) { QString wsInfoName = gettextFromC::tr(info->name); if (wsInfoName.count() > biggerEntry.count()) biggerEntry = wsInfoName; @@ -117,9 +117,8 @@ void WSInfoModel::update() endRemoveRows(); rows = -1; } - struct ws_info_t *info = ws_info; - for (info = ws_info; info->name; info++, rows++) - ; + struct ws_info_t *info; + for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++); if (rows > -1) { beginInsertRows(QModelIndex(), 0, rows); |