author | K. \"pestophagous\" Heller <pestophagous@gmail.com> | 2015-12-03 21:42:23 -0800 |
---|---|---|
committer | Dirk Hohndel <dirk@hohndel.org> | 2015-12-03 22:56:23 -0800 |
commit | 2778470b9755af2349a70f127e208750afda7725 (patch) | |
tree | 334f68c2aa1802c21634799b0d85f20b0222f304 /subsurface-core | |
parent | b0063e5d1a6004e4459a872ae166065e52e460d6 (diff) | |
Prevent gaschange tank icons from using garbage coords.
Tank icons were shown at incorrect spots on the profile
when the DiveEventItem object held a pointer to a struct
event even after the struct event at that address had
been freed. When internalEvent is a pointer to freed
memory, internalEvent->time.seconds could have all kinds
of crazy values, which get used in member function
DiveEventItem::recalculatePos to place the tank at bad
x coordinates.
The DiveEventItem(s) no longer store a pointer to memory
that they do not own. This way, no matter how the path of
execution arrives into slot recalculatePos, we never need
fear that the DiveEventItem will dereference a garbage
pointer to a struct event.
Fixes #968
Signed-off-by: K. Heller <pestophagous@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Diffstat (limited to 'subsurface-core')
-rw-r--r-- | subsurface-core/dive.c | 20 | ||||
-rw-r--r-- | subsurface-core/dive.h | 1 |
2 files changed, 18 insertions, 3 deletions
diff --git a/subsurface-core/dive.c b/subsurface-core/dive.c
index 52175db71..46129b86a 100644
--- a/subsurface-core/dive.c
+++ b/subsurface-core/dive.c
@@ -525,6 +525,22 @@ void selective_copy_dive(struct dive *s, struct dive *d, struct dive_components
 }
 #undef CONDITIONAL_COPY_STRING
+struct event *clone_event(const struct event *src_ev)
+{
+ struct event *ev;
+ if (!src_ev)
+ return NULL;
+
+ size_t size = sizeof(*src_ev) + strlen(src_ev->name) + 1;
+ ev = (struct event*) malloc(size);
+ if (!ev)
+ exit(1);
+ memcpy(ev, src_ev, size);
+ ev->next = NULL;
+
+ return ev;
+}
+
 /* copies all events in this dive computer */
 void copy_events(struct divecomputer *s, struct divecomputer *d)
 {
@@ -534,9 +550,7 @@ void copy_events(struct divecomputer *s, struct divecomputer *d)
 ev = s->events;
 pev = &d->events;
 while (ev != NULL) {
- int size = sizeof(*ev) + strlen(ev->name) + 1;
- struct event *new_ev = malloc(size);
- memcpy(new_ev, ev, size);
+ struct event *new_ev = clone_event(ev);
 *pev = new_ev;
 pev = &new_ev->next;
 ev = ev->next;
diff --git a/subsurface-core/dive.h b/subsurface-core/dive.h
index 3ff262e96..ff7dbd2be 100644
--- a/subsurface-core/dive.h
+++ b/subsurface-core/dive.h
@@ -726,6 +726,7 @@ extern int split_dive(struct dive *);
 extern struct dive *merge_dives(struct dive *a, struct dive *b, int offset, bool prefer_downloaded);
 extern struct dive *try_to_merge(struct dive *a, struct dive *b, bool prefer_downloaded);
 extern void renumber_dives(int start_nr, bool selected_only);
+extern struct event *clone_event(const struct event *src_ev);
 extern void copy_events(struct divecomputer *s, struct divecomputer *d);
 extern void free_events(struct event *ev);
 extern void copy_cylinders(struct dive *s, struct dive *d, bool used_only);
|
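Review bot: The allocation-failure path in the new `clone_event` calls `exit(1)` with no diagnostic, so a core helper can end the whole application without saying why; printing the reason first, e.g. `fprintf(stderr, "clone_event: out of memory\n");`, would at least make that exit traceable. The `(struct event*)` cast on `malloc` is unnecessary in C and can be written `ev = malloc(size);`. The length `sizeof(*src_ev) + strlen(src_ev->name) + 1` presumably relies on `name` being a NUL-terminated trailing member of struct event, whose definition is outside this diff, so a short comment stating that assumption next to the `memcpy` would help the next reader check the copy stays in bounds.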
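Review bot: The new `clone_event` declaration in dive.h carries no statement of ownership, which is the very property this commit is fixing for struct event pointers. A comment above it such as `/* returns a malloc'd copy of src_ev with next set to NULL (NULL if src_ev is NULL); the caller owns it and must free() it */` would record what the implementation in dive.c shows. It is also worth noting there that `src_ev` must still be valid at the time of the call, since the copy reads `src_ev->name`.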