mirror of
https://github.com/subsurface/subsurface.git
synced 2025-01-19 22:35:27 +00:00
769aca9e95
In a number of places the global 'tank_info' array is being iterated based on a 'tank_info[idx].name != NULL' condition. This is dangerous because if the user has added a lot of tanks, such loops can reach 'tank_info[MAX_TANK_INFO]'. This is an out of bounds read and if the 'name' pointer there happens to be non-NULL, passing that address to a peace of code that tries to read it (like strlen()) would either SIGSEGV or have undefined behavior. Clamp all loops that iterate 'tank_info' to MAX_TANK_INFO. Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com> |
||
|---|---|---|
| .. | ||
| abstractpreferenceswidget.cpp | ||
| abstractpreferenceswidget.h | ||
| CMakeLists.txt | ||
| preferences_defaults.cpp | ||
| preferences_defaults.h | ||
| preferences_defaults.ui | ||
| preferences_georeference.cpp | ||
| preferences_georeference.h | ||
| preferences_georeference.ui | ||
| preferences_graph.cpp | ||
| preferences_graph.h | ||
| preferences_graph.ui | ||
| preferences_language.cpp | ||
| preferences_language.h | ||
| preferences_language.ui | ||
| preferences_network.cpp | ||
| preferences_network.h | ||
| preferences_network.ui | ||
| preferences_units.cpp | ||
| preferences_units.h | ||
| preferences_units.ui | ||
| preferencesdialog.cpp | ||
| preferencesdialog.h | ||