From 06a870c232513aca96a624535d648a6e7c098e5f Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov" <neolit123@gmail.com>
Date: Tue, 19 Jun 2018 03:59:33 +0300
Subject: equipment: sanitize 'ws_info' loop limits

Instead of a constant or a macro for the maximum
number of 'ws_info' elements the 100 literal was used.

Define MAX_WS_INFO in dive.h and use it everywhere.

Also clamp loops that iterate `ws_info' to MAX_WS_INFO.
Prevents potential out-of-bounds reading, similarly to
the previous commit about 'tank_info'.

Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
---
 qt-models/weightmodel.cpp           |  2 +-
 qt-models/weightsysteminfomodel.cpp | 13 ++++++-------
 2 files changed, 7 insertions(+), 8 deletions(-)

(limited to 'qt-models')

diff --git a/qt-models/weightmodel.cpp b/qt-models/weightmodel.cpp
index 77114eaea..b8e9ffa5d 100644
--- a/qt-models/weightmodel.cpp
+++ b/qt-models/weightmodel.cpp
@@ -107,7 +107,7 @@ bool WeightModel::setData(const QModelIndex &index, const QVariant &value, int r
 			if (!ws->description || gettextFromC::tr(ws->description) != vString) {
 				// loop over translations to see if one matches
 				int i = -1;
-				while (ws_info[++i].name) {
+				while (ws_info[++i].name && i < MAX_WS_INFO) {
 					if (gettextFromC::tr(ws_info[i].name) == vString) {
 						ws->description = copy_string(ws_info[i].name);
 						break;
diff --git a/qt-models/weightsysteminfomodel.cpp b/qt-models/weightsysteminfomodel.cpp
index f843c8ef0..f8d2905cf 100644
--- a/qt-models/weightsysteminfomodel.cpp
+++ b/qt-models/weightsysteminfomodel.cpp
@@ -79,8 +79,8 @@ const QString &WSInfoModel::biggerString() const
 WSInfoModel::WSInfoModel() : rows(-1)
 {
 	setHeaderDataStrings(QStringList() << tr("Description") << tr("kg"));
-	struct ws_info_t *info = ws_info;
-	for (info = ws_info; info->name; info++, rows++) {
+	struct ws_info_t *info;
+	for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++) {
 		QString wsInfoName = gettextFromC::tr(info->name);
 		if (wsInfoName.count() > biggerEntry.count())
 			biggerEntry = wsInfoName;
@@ -94,11 +94,11 @@ WSInfoModel::WSInfoModel() : rows(-1)
 
 void WSInfoModel::updateInfo()
 {
-	struct ws_info_t *info = ws_info;
+	struct ws_info_t *info;
 	beginRemoveRows(QModelIndex(), 0, this->rows);
 	endRemoveRows();
 	rows = -1;
-	for (info = ws_info; info->name; info++, rows++) {
+	for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++) {
 		QString wsInfoName = gettextFromC::tr(info->name);
 		if (wsInfoName.count() > biggerEntry.count())
 			biggerEntry = wsInfoName;
@@ -117,9 +117,8 @@ void WSInfoModel::update()
 		endRemoveRows();
 		rows = -1;
 	}
-	struct ws_info_t *info = ws_info;
-	for (info = ws_info; info->name; info++, rows++)
-		;
+	struct ws_info_t *info;
+	for (info = ws_info; info->name && info < ws_info + MAX_WS_INFO; info++, rows++);
 
 	if (rows > -1) {
 		beginInsertRows(QModelIndex(), 0, rows);
-- 
cgit v1.2.3-70-g09d2