From 6ebeba3c7c142994051061c495850827e51b552f Mon Sep 17 00:00:00 2001
From: Dirk Hohndel
Date: Mon, 6 Jul 2015 12:09:20 -0700
Subject: Be more careful freeing taxonomy data

We want to only access data that we consider valid. And we need to clear out pointers to freed memory.

Signed-off-by: Dirk Hohndel
---
 divesite.c | 14 ++++++++++----
 qt-ui/mainwindow.cpp | 1 +
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/divesite.c b/divesite.c
index 547b6b0dd..5abab7601 100644
--- a/divesite.c
+++ b/divesite.c
@@ -169,18 +169,23 @@ void copy_dive_site(struct dive_site *orig, struct dive_site *copy)
 copy->notes = copy_string(orig->notes);
 copy->description = copy_string(orig->description);
 copy->uuid = orig->uuid;
- copy->taxonomy.nr = orig->taxonomy.nr;
 if (orig->taxonomy.category == NULL) {
+ free_taxonomy(copy->taxonomy.category);
 free(copy->taxonomy.category);
 copy->taxonomy.category = NULL;
+ copy->taxonomy.nr = 0;
 } else {
 if (copy->taxonomy.category == NULL)
 copy->taxonomy.category = alloc_taxonomy();
 for (int i = 0; i < TC_NR_CATEGORIES; i++) {
- free((void *)copy->taxonomy.category[i].value);
- copy->taxonomy.category[i] = orig->taxonomy.category[i];
- copy->taxonomy.category[i].value = copy_string(orig->taxonomy.category[i].value);
+ if (i < copy->taxonomy.nr)
+ free((void *)copy->taxonomy.category[i].value);
+ if (i < orig->taxonomy.nr) {
+ copy->taxonomy.category[i] = orig->taxonomy.category[i];
+ copy->taxonomy.category[i].value = copy_string(orig->taxonomy.category[i].value);
+ }
 }
+ copy->taxonomy.nr = orig->taxonomy.nr;
 }
 }
 
@@ -197,4 +202,5 @@ void clear_dive_site(struct dive_site *ds)
 ds->uuid = 0;
 ds->taxonomy.nr = 0;
 free_taxonomy(ds->taxonomy.category);
+ ds->taxonomy.category = NULL;
 }
diff --git a/qt-ui/mainwindow.cpp b/qt-ui/mainwindow.cpp
index 2ea4766ab..305ddf6dc 100644
--- a/qt-ui/mainwindow.cpp
+++ b/qt-ui/mainwindow.cpp
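Review bot: In the `orig->taxonomy.category == NULL` branch, `free_taxonomy(copy->taxonomy.category)` is followed by `free(copy->taxonomy.category)` on the same pointer, while the second hunk (clear_dive_site) relies on `free_taxonomy()` alone to release the array before nulling it; the two call sites cannot both be right, so either the `free()` here is a double free or clear_dive_site leaks the outer array, depending on whether free_taxonomy() frees that allocation (its body is not visible here). In the else loop, a value freed for an index in `[orig->taxonomy.nr, copy->taxonomy.nr)` keeps its dangling pointer in `category[i].value`; adding `copy->taxonomy.category[i].value = NULL;` right after the free would keep a later free_taxonomy() from releasing it again if that helper walks all TC_NR_CATEGORIES entries. The `i < copy->taxonomy.nr` guard also runs against a freshly alloc_taxonomy()'d array when copy's stale nr is non-zero, so the code presumably depends on nr being kept at 0 whenever category is NULL — worth confirming, as is the unchecked result of `alloc_taxonomy()`. copy_dive_site's signature line is outside the hunk.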
@@ -631,6 +631,7 @@ void MainWindow::setupForAddAndPlan(const char *model)
 {
 // clean out the dive and give it an id and the correct dc model
 clear_dive(&displayed_dive);
+ clear_dive_site(&displayed_dive_site);
 displayed_dive.id = dive_getUniqID(&displayed_dive);
 displayed_dive.when = QDateTime::currentMSecsSinceEpoch() / 1000L + gettimezoneoffset() + 3600;
 displayed_dive.dc.model = model; // don't translate! this is stored in the XML file
--
cgit v1.2.3-70-g09d2
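Review bot: The comment on the line above the new call, `// clean out the dive and give it an id and the correct dc model`, no longer describes the block now that the displayed dive site is cleared as well; `// clean out the dive and the displayed dive site, then give the dive an id and the correct dc model` would match. Since clear_dive_site() (per the divesite.c hunk) leaves `displayed_dive_site.taxonomy.category` NULL until something repopulates it, any code in this function that indexes that array before a later copy_dive_site() would need a NULL check. The body of setupForAddAndPlan continues outside the hunk, so whether that happens cannot be seen here.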