[PATCH] tankinfomodel.cpp: clamp row index to [0 - MAX_TANK_INFO]

Lubomir I. Ivanov neolit123 at gmail.com
Tue Jun 13 15:45:18 PDT 2017 

From: "Lubomir I. Ivanov" <neolit123 at gmail.com>

MAX_TANK_INFO is a new macro in dive.h to define the
maximum number of tank_info_t objects.

TankInfoModel's data() and setData() now check for valid
row indexes before accessing the tank_info[] array directly.

Without this patch TankInfoMode::data() can cause a SIGSEGV.

Reported-by: Pedro Neves <nevesdiver at gmail.com>
Signed-off-by: Lubomir I. Ivanov <neolit123 at gmail.com>
---

sesm to only happen for Perdo's log (45MB).

i don't know the underlying cause - i.e. why QModelIndex returns
a value of >99.

maybe Tomaz can find the underlying bug?
---
 core/dive.h                 | 3 ++-
 qt-models/tankinfomodel.cpp | 6 +++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/core/dive.h b/core/dive.h
index c65d3ff..2565b4a 100644
--- a/core/dive.h
+++ b/core/dive.h
@@ -296,6 +296,7 @@ struct divecomputer {
 
 #define MAX_CYLINDERS (20)
 #define MAX_WEIGHTSYSTEMS (6)
+#define MAX_TANK_INFO (100)
 #define W_IDX_PRIMARY 0
 #define W_IDX_SECONDARY 1
 
@@ -923,7 +924,7 @@ struct tank_info_t {
 	const char *name;
 	int cuft, ml, psi, bar;
 };
-extern struct tank_info_t tank_info[100];
+extern struct tank_info_t tank_info[MAX_TANK_INFO];
 
 struct ws_info_t {
 	const char *name;
diff --git a/qt-models/tankinfomodel.cpp b/qt-models/tankinfomodel.cpp
index 75303d8..97f0e80 100644
--- a/qt-models/tankinfomodel.cpp
+++ b/qt-models/tankinfomodel.cpp
@@ -28,6 +28,10 @@ bool TankInfoModel::setData(const QModelIndex &index, const QVariant &value, int
 {
 	//WARN Seems wrong, we need to check for role == Qt::EditRole
 	Q_UNUSED(role);
+
+	if (index.row() < 0 || index.row() > MAX_TANK_INFO - 1)
+		return false;
+
 	struct tank_info_t *info = &tank_info[index.row()];
 	switch (index.column()) {
 	case DESCRIPTION:
@@ -51,7 +55,7 @@ void TankInfoModel::clear()
 QVariant TankInfoModel::data(const QModelIndex &index, int role) const
 {
 	QVariant ret;
-	if (!index.isValid()) {
+	if (!index.isValid() || index.row() < 0 || index.row() > MAX_TANK_INFO - 1) {
 		return ret;
 	}
 	if (role == Qt::FontRole) {
-- 
1.7.11.msysgit.0

More information about the subsurface mailing list