Stable release crashes on import

Linus Torvalds torvalds at linux-foundation.org
Mon Apr 11 11:18:15 PDT 2016


On Mon, Apr 11, 2016 at 11:10 AM, Miika Turkia <miika.turkia at gmail.com> wrote:
>
> Seems that you were right about this (even though deciphering the
> instructions took a while :D) The attached patch works on my tests
> with the problematic input. It is against v4.5-branch.

No, try this instead. You still don't copy the dc properly. But the
allocation patterns may have changed enough to no longer crash.

Anyway, this should fix both the dc copy _and_ the real bug where we
overflow the samples.

             Linus
-------------- next part --------------
 dive.c                        | 7 +++----
 qt-ui/divelogimportdialog.cpp | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/dive.c b/dive.c
index 8dc43223e52c..f4552220f744 100644
--- a/dive.c
+++ b/dive.c
@@ -474,11 +474,10 @@ void copy_dive(struct dive *s, struct dive *d)
 		d->weightsystem[i].description = copy_string(s->weightsystem[i].description);
 	STRUCTURED_LIST_COPY(struct picture, s->picture_list, d->picture_list, copy_pl);
 	STRUCTURED_LIST_COPY(struct tag_entry, s->tag_list, d->tag_list, copy_tl);
+
+	/* Copy the embedded dc first, then copy the list */
+	copy_dc(&s->dc, &d->dc);
 	STRUCTURED_LIST_COPY(struct divecomputer, s->dc.next, d->dc.next, copy_dc);
-	/* this only copied dive computers 2 and up. The first dive computer is part
-	 * of the struct dive, so let's make copies of its samples and events */
-	copy_samples(&s->dc, &d->dc);
-	copy_events(&s->dc, &d->dc);
 }
 
 /* make a clone of the source dive and clean out the source dive;
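Review bot: The new comment above copy_dc(&s->dc, &d->dc) says the embedded dc is copied first but not why the order matters. copy_dc is not shown in this hunk. If it copies the whole struct, including the next pointer, then d->dc.next points at the source dive's list until the following STRUCTURED_LIST_COPY replaces it with an independent copy. Swapping the two lines would then leave the destination sharing the source's list. Suggest extending the comment to say this, and to note that copy_dc now covers the samples and events that the removed copy_samples/copy_events calls handled, so a later reader does not add them back.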
diff --git a/qt-ui/divelogimportdialog.cpp b/qt-ui/divelogimportdialog.cpp
index 67faadf91614..26d38788c2b0 100644
--- a/qt-ui/divelogimportdialog.cpp
+++ b/qt-ui/divelogimportdialog.cpp
@@ -774,7 +774,7 @@ void DiveLogImportDialog::on_buttonBox_accepted()
 				}
 				// Seabear CSV stores NDL and TTS in Minutes, not seconds
 				struct dive *dive = dive_table.dives[dive_table.nr - 1];
-				for(int s_nr = 0 ; s_nr <= dive->dc.samples ; s_nr++) {
+				for(int s_nr = 0 ; s_nr < dive->dc.samples ; s_nr++) {
 					struct sample *sample = dive->dc.sample + s_nr;
 					sample->ndl.seconds *= 60;
 					sample->tts.seconds *= 60;
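Review bot: The bound fix to s_nr < dive->dc.samples is right, but the line above the loop, dive_table.dives[dive_table.nr - 1], is dereferenced with no check in the visible context that dive_table.nr is greater than zero. If the import produced no dive, that reads index -1 and the loop then writes through a bad pointer. Suggest guarding the block with a check on dive_table.nr (and on dive being non-NULL) unless an earlier check outside this hunk already guarantees it. It would also help to note in the commit message that the old <= bound scaled one sample past the end of dc.sample, since that out-of-bounds write is the overflow being fixed here.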

