Fix cylinder gas type saving when we have bogus gas use data

Steve Williams reported a crash when saving a previously loaded dive as xml, and gave a gdb backtrace. It turns out that if we can't parse the cylinder use type (OC, diluent, oxygen, unused) we initialize the cylinder use to an invalid type, and then when we save it, we mess up. Fix it up by doing proper limit checking before accessing the "cylinderuse_text[]" array when saving. Reported-by: Steve <stevewilliams@internode.on.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2024-11-30 22:20:21 +00:00 · 2019-07-14 10:40:04 -07:00 · 2019-07-14 10:40:04 -07:00 · c685c05ff4
commit c685c05ff4
parent 3f2a73db7f
4 changed files with 8 additions and 6 deletions
--- a/core/dive.c
+++ b/core/dive.c
@ -23,7 +23,7 @@
 * here */
 struct dive displayed_dive;

-const char *cylinderuse_text[] = {
+const char *cylinderuse_text[NUM_GAS_USE] = {
 	QT_TRANSLATE_NOOP("gettextFromC", "OC-gas"), QT_TRANSLATE_NOOP("gettextFromC", "diluent"), QT_TRANSLATE_NOOP("gettextFromC", "oxygen"), QT_TRANSLATE_NOOP("gettextFromC", "not used")
 };

--- a/core/dive.h
+++ b/core/dive.h
@ -23,7 +23,7 @@ extern int last_xml_version;

 enum divemode_t {OC, CCR, PSCR, FREEDIVE, NUM_DIVEMODE, UNDEF_COMP_TYPE};	// Flags (Open-circuit and Closed-circuit-rebreather) for setting dive computer type

-extern const char *cylinderuse_text[];
+extern const char *cylinderuse_text[NUM_GAS_USE];
 extern const char *divemode_text_ui[];
 extern const char *divemode_text[];

--- a/core/save-git.c
+++ b/core/save-git.c
@ -140,6 +140,7 @@ static void save_cylinder_info(struct membuffer *b, struct dive *dive)
 		cylinder_t *cylinder = dive->cylinder + i;
 		int volume = cylinder->type.size.mliter;
 		const char *description = cylinder->type.description;
+		int use = cylinder->cylinder_use;

 		put_string(b, "cylinder");
 		if (volume)
@ -150,8 +151,8 @@ static void save_cylinder_info(struct membuffer *b, struct dive *dive)
 		put_gasmix(b, cylinder->gasmix);
 		put_pressure(b, cylinder->start, " start=", "bar");
 		put_pressure(b, cylinder->end, " end=", "bar");
-		if (cylinder->cylinder_use != OC_GAS)
-			put_format(b, " use=%s", cylinderuse_text[cylinder->cylinder_use]);
+		if (use > OC_GAS && use < NUM_GAS_USE)
+			show_utf8(b, " use=", cylinderuse_text[use], "");
 		if (cylinder->depth.mm != 0)
 			put_milli(b, " depth=", cylinder->depth.mm, "m");
 		put_string(b, "\n");
--- a/core/save-xml.c
+++ b/core/save-xml.c
@ -180,6 +180,7 @@ static void save_cylinder_info(struct membuffer *b, struct dive *dive)
 		cylinder_t *cylinder = dive->cylinder + i;
 		int volume = cylinder->type.size.mliter;
 		const char *description = cylinder->type.description;
+		int use = cylinder->cylinder_use;

 		put_format(b, "  <cylinder");
 		if (volume)
@ -189,8 +190,8 @@ static void save_cylinder_info(struct membuffer *b, struct dive *dive)
 		put_gasmix(b, cylinder->gasmix);
 		put_pressure(b, cylinder->start, " start='", " bar'");
 		put_pressure(b, cylinder->end, " end='", " bar'");
-		if (cylinder->cylinder_use != OC_GAS)
-			show_utf8(b, cylinderuse_text[cylinder->cylinder_use], " use='", "'", 1);
+		if (use > OC_GAS && use < NUM_GAS_USE)
+			show_utf8(b, cylinderuse_text[use], " use='", "'", 1);
 		if (cylinder->depth.mm != 0)
 			put_milli(b, " depth='", cylinder->depth.mm, " m'");
 		put_format(b, " />\n");