Stable release crashes on import
Linus Torvalds
torvalds at linux-foundation.org
Mon Apr 11 11:18:15 PDT 2016
On Mon, Apr 11, 2016 at 11:10 AM, Miika Turkia <miika.turkia at gmail.com> wrote:
>
> Seems that you were right about this (even though deciphering the
> instructions took a while :D) The attached patch works on my tests
> with the problematic input. It is against v4.5-branch.
No, try this instead. You still don't copy the dc properly. But the
allocation patterns may have changed enough to no longer crash.

Anyway, this should fix both the dc copy _and_ the real bug where we
overflow the samples.

Linus
-------------- next part --------------
dive.c | 7 +++----
qt-ui/divelogimportdialog.cpp | 2 +-
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/dive.c b/dive.c
index 8dc43223e52c..f4552220f744 100644
--- a/dive.c
+++ b/dive.c
@@ -474,11 +474,10 @@ void copy_dive(struct dive *s, struct dive *d)
d->weightsystem[i].description = copy_string(s->weightsystem[i].description);
STRUCTURED_LIST_COPY(struct picture, s->picture_list, d->picture_list, copy_pl);
STRUCTURED_LIST_COPY(struct tag_entry, s->tag_list, d->tag_list, copy_tl);
+
+ /* Copy the embedded dc first, then copy the list */
+ copy_dc(&s->dc, &d->dc);
STRUCTURED_LIST_COPY(struct divecomputer, s->dc.next, d->dc.next, copy_dc);
- /* this only copied dive computers 2 and up. The first dive computer is part
- * of the struct dive, so let's make copies of its samples and events */
- copy_samples(&s->dc, &d->dc);
- copy_events(&s->dc, &d->dc);
}
/* make a clone of the source dive and clean out the source dive;
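Review bot: The new comment above `copy_dc(&s->dc, &d->dc);` records the order of the two copies but not why that order is required. The removed lines deep-copied only the samples and events of the embedded dive computer; the replacement relies on copy_dc covering both of those, and on the STRUCTURED_LIST_COPY that follows overwriting d->dc.next rather than extending whatever copy_dc left in it. Neither property is visible in this hunk, so it is worth stating in the comment (for instance, that copy_dc must leave d->dc.next safe to overwrite), so that a later reorder of these two lines does not leave s and d pointing at the same sample or event storage.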
diff --git a/qt-ui/divelogimportdialog.cpp b/qt-ui/divelogimportdialog.cpp
index 67faadf91614..26d38788c2b0 100644
--- a/qt-ui/divelogimportdialog.cpp
+++ b/qt-ui/divelogimportdialog.cpp
@@ -774,7 +774,7 @@ void DiveLogImportDialog::on_buttonBox_accepted()
}
// Seabear CSV stores NDL and TTS in Minutes, not seconds
struct dive *dive = dive_table.dives[dive_table.nr - 1];
- for(int s_nr = 0 ; s_nr <= dive->dc.samples ; s_nr++) {
+ for(int s_nr = 0 ; s_nr < dive->dc.samples ; s_nr++) {
struct sample *sample = dive->dc.sample + s_nr;
sample->ndl.seconds *= 60;
sample->tts.seconds *= 60;
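Review bot: The corrected bound `s_nr < dive->dc.samples` stops the loop from scaling one sample past the end, but the line just above it, `struct dive *dive = dive_table.dives[dive_table.nr - 1];`, has no check visible in this hunk that dive_table.nr is non-zero. If the preceding import can finish without adding a dive, that index is -1 and the loop then multiplies fields in whatever memory it lands on. Consider guarding the block with a test on dive_table.nr, or pointing at where the caller already guarantees at least one dive. Since the original `<=` wrote beyond the sample array on every Seabear import, the other loops that walk dc.sample by dc.samples deserve a quick check for the same pattern.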