tankinfomodel.cpp: clamp row index to [0 - MAX_TANK_INFO]

MAX_TANK_INFO is a new macro in dive.h to define the maximum number of tank_info_t objects. TankInfoModel's data() and setData() now check for valid row indexes before accessing the tank_info[] array directly. Without this patch TankInfoMode::data() can cause a SIGSEGV. Reported-by: Pedro Neves <nevesdiver@gmail.com> Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com> Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2024-11-28 05:00:20 +00:00 · 2017-06-14 01:45:18 +03:00 · 2017-06-14 01:45:18 +03:00 · 27deb317b0
commit 27deb317b0
parent 85021b94b1
2 changed files with 7 additions and 2 deletions
--- a/core/dive.h
+++ b/core/dive.h
@ -296,6 +296,7 @@ struct divecomputer {

 #define MAX_CYLINDERS (20)
 #define MAX_WEIGHTSYSTEMS (6)
+#define MAX_TANK_INFO (100)
 #define W_IDX_PRIMARY 0
 #define W_IDX_SECONDARY 1

@ -923,7 +924,7 @@ struct tank_info_t {
 	const char *name;
 	int cuft, ml, psi, bar;
 };
-extern struct tank_info_t tank_info[100];
+extern struct tank_info_t tank_info[MAX_TANK_INFO];

 struct ws_info_t {
 	const char *name;
--- a/qt-models/tankinfomodel.cpp
+++ b/qt-models/tankinfomodel.cpp
@ -28,6 +28,10 @@ bool TankInfoModel::setData(const QModelIndex &index, const QVariant &value, int
 {
 	//WARN Seems wrong, we need to check for role == Qt::EditRole
 	Q_UNUSED(role);
+
+	if (index.row() < 0 || index.row() > MAX_TANK_INFO - 1)
+		return false;
+
 	struct tank_info_t *info = &tank_info[index.row()];
 	switch (index.column()) {
 	case DESCRIPTION:
@ -51,7 +55,7 @@ void TankInfoModel::clear()
 QVariant TankInfoModel::data(const QModelIndex &index, int role) const
 {
 	QVariant ret;
-	if (!index.isValid()) {
+	if (!index.isValid() || index.row() < 0 || index.row() > MAX_TANK_INFO - 1) {
 		return ret;
 	}
 	if (role == Qt::FontRole) {