From 27deb317b00aa61bedea8d781d8cff8be9a3720e Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov" <neolit123@gmail.com>
Date: Wed, 14 Jun 2017 01:45:18 +0300
Subject: tankinfomodel.cpp: clamp row index to [0 - MAX_TANK_INFO]

MAX_TANK_INFO is a new macro in dive.h to define the
maximum number of tank_info_t objects.

TankInfoModel's data() and setData() now check for valid
row indexes before accessing the tank_info[] array directly.

Without this patch TankInfoMode::data() can cause a SIGSEGV.

Reported-by: Pedro Neves <nevesdiver@gmail.com>
Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
---
 qt-models/tankinfomodel.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'qt-models')

diff --git a/qt-models/tankinfomodel.cpp b/qt-models/tankinfomodel.cpp
index 75303d857..97f0e8010 100644
--- a/qt-models/tankinfomodel.cpp
+++ b/qt-models/tankinfomodel.cpp
@@ -28,6 +28,10 @@ bool TankInfoModel::setData(const QModelIndex &index, const QVariant &value, int
 {
 	//WARN Seems wrong, we need to check for role == Qt::EditRole
 	Q_UNUSED(role);
+
+	if (index.row() < 0 || index.row() > MAX_TANK_INFO - 1)
+		return false;
+
 	struct tank_info_t *info = &tank_info[index.row()];
 	switch (index.column()) {
 	case DESCRIPTION:
@@ -51,7 +55,7 @@ void TankInfoModel::clear()
 QVariant TankInfoModel::data(const QModelIndex &index, int role) const
 {
 	QVariant ret;
-	if (!index.isValid()) {
+	if (!index.isValid() || index.row() < 0 || index.row() > MAX_TANK_INFO - 1) {
 		return ret;
 	}
 	if (role == Qt::FontRole) {
-- 
cgit v1.2.3-70-g09d2