[PATCH] Crash fix in add_single_dive. No writing to dive_table.dives[-1]

K. "pestophagous" Heller pestophagous at gmail.com
Thu Dec 3 22:10:03 PST 2015


Signed-off-by: K. Heller <pestophagous at gmail.com>
---

This is a RESUBMIT. (labeling it as such for clarity.)

These are the same two lines I submitted on Nov 24.

This patch held up under scrutiny in November already, see here:
http://lists.subsurface-divelog.org/pipermail/subsurface/2015-November/thread.html#23414

Lubomir reasonably questioned whether there is a need to patch
add_single_dive rather than fixing the call site (which indeed
is a buggy call site in the unfinished 'Add Dive' area of the
mobile app).

I think all Lubomir's concerns are now put to rest.
Maybe you could issue an ACK, Lubomir?

The buggy call site of add_single_dive still needs work, too.

But to me, this two-line patch "just makes sense" regardless of call
site. It shouldn't be that easy to crash a subsurface-core function.
(and it was a nasty belated crash, too.)

 subsurface-core/divelist.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/subsurface-core/divelist.c b/subsurface-core/divelist.c
index a14fabf..a2e94c0 100644
--- a/subsurface-core/divelist.c
+++ b/subsurface-core/divelist.c
@@ -790,6 +790,9 @@ void add_single_dive(int idx, struct dive *dive)
 	dive_table.nr++;
 	if (dive->selected)
 		amount_selected++;
+	if (idx < 0)
+		// convert an idx of -1 so we do insert-at-end:
+		idx = dive_table.nr - 1;
 	for (i = idx; i < dive_table.nr; i++) {
 		struct dive *tmp = dive_table.dives[i];
 		dive_table.dives[i] = dive;
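Review bot: The new guard catches every negative idx, not only -1, while its comment says "convert an idx of -1"; either tighten the condition to `if (idx == -1)` or reword the comment to "negative idx means insert-at-end" so the two agree. Since the check runs after `dive_table.nr++`, `dive_table.nr - 1` is indeed the freshly added last slot, so the insert-at-end semantics are right. Note that the opposite out-of-range case is still unguarded: an idx greater than `dive_table.nr - 1` makes `for (i = idx; i < dive_table.nr; i++)` execute zero times, so nr is incremented but the dive is never stored, leaving a stale slot in the table; clamping idx to `dive_table.nr - 1` in the same spot would close that hole too.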
-- 
2.5.0


