mirror of
https://github.com/subsurface/subsurface.git
synced 2025-02-19 22:16:15 +00:00
769aca9e95
In a number of places the global 'tank_info' array is being iterated based on a 'tank_info[idx].name != NULL' condition. This is dangerous because if the user has added a lot of tanks, such loops can reach 'tank_info[MAX_TANK_INFO]'. This is an out of bounds read and if the 'name' pointer there happens to be non-NULL, passing that address to a peace of code that tries to read it (like strlen()) would either SIGSEGV or have undefined behavior. Clamp all loops that iterate 'tank_info' to MAX_TANK_INFO. Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com> |
||
|---|---|---|
| .. | ||
| css | ||
| plugins | ||
| preferences | ||
| statistics | ||
| tab-widgets | ||
| about.cpp | ||
| about.h | ||
| about.ui | ||
| btdeviceselectiondialog.cpp | ||
| btdeviceselectiondialog.h | ||
| btdeviceselectiondialog.ui | ||
| CMakeLists.txt | ||
| configuredivecomputerdialog.cpp | ||
| configuredivecomputerdialog.h | ||
| configuredivecomputerdialog.ui | ||
| divecomponentselection.ui | ||
| divecomputermanagementdialog.cpp | ||
| divecomputermanagementdialog.h | ||
| divecomputermanagementdialog.ui | ||
| divelistview.cpp | ||
| divelistview.h | ||
| divelogexportdialog.cpp | ||
| divelogexportdialog.h | ||
| divelogexportdialog.ui | ||
| divelogimportdialog.cpp | ||
| divelogimportdialog.h | ||
| divelogimportdialog.ui | ||
| divepicturewidget.cpp | ||
| divepicturewidget.h | ||
| diveplanner.cpp | ||
| diveplanner.h | ||
| diveplanner.ui | ||
| diveshareexportdialog.cpp | ||
| diveshareexportdialog.h | ||
| diveshareexportdialog.ui | ||
| downloadfromdivecomputer.cpp | ||
| downloadfromdivecomputer.h | ||
| downloadfromdivecomputer.ui | ||
| filterwidget.ui | ||
| groupedlineedit.cpp | ||
| groupedlineedit.h | ||
| kmessagewidget.cpp | ||
| kmessagewidget.h | ||
| listfilter.ui | ||
| locationinformation.cpp | ||
| locationinformation.h | ||
| locationInformation.ui | ||
| mainwindow.cpp | ||
| mainwindow.h | ||
| mainwindow.ui | ||
| mapwidget.cpp | ||
| mapwidget.h | ||
| modeldelegates.cpp | ||
| modeldelegates.h | ||
| notificationwidget.cpp | ||
| notificationwidget.h | ||
| plannerDetails.ui | ||
| plannerSettings.ui | ||
| printdialog.cpp | ||
| printdialog.h | ||
| printer.cpp | ||
| printer.h | ||
| printoptions.cpp | ||
| printoptions.h | ||
| printoptions.ui | ||
| qtwaitingspinner.cpp | ||
| qtwaitingspinner.h | ||
| renumber.ui | ||
| searchbar.ui | ||
| setpoint.ui | ||
| shiftimagetimes.ui | ||
| shifttimes.ui | ||
| simplewidgets.cpp | ||
| simplewidgets.h | ||
| starwidget.cpp | ||
| starwidget.h | ||
| subsurfacewebservices.cpp | ||
| subsurfacewebservices.h | ||
| tableview.cpp | ||
| tableview.h | ||
| tableview.ui | ||
| tagwidget.cpp | ||
| tagwidget.h | ||
| templateedit.cpp | ||
| templateedit.h | ||
| templateedit.ui | ||
| templatelayout.cpp | ||
| templatelayout.h | ||
| undocommands.cpp | ||
| undocommands.h | ||
| updatemanager.cpp | ||
| updatemanager.h | ||
| urldialog.ui | ||
| usermanual.cpp | ||
| usermanual.h | ||
| usersurvey.cpp | ||
| usersurvey.h | ||
| usersurvey.ui | ||
| webservices.ui | ||