Select location of divesite in new map widget
Dirk Hohndel
dirk at hohndel.org
Tue Oct 3 11:18:01 PDT 2017
> On Oct 3, 2017, at 11:02 AM, Lubomir I. Ivanov <neolit123 at gmail.com> wrote:
>>> yey, a compiler bug (stack corruption) in:
>>> gcc version 5.3.0 (i686-posix-dwarf-rev0, Built by MinGW-W64 project)
>>>
>>> in divelistview.cpp, for this:
>>> for (int col = DiveTripModel::NR; col < DiveTripModel::COLUMNS; ++col) {
>>>
>>> instead of incrementing col up to 16, it goes up to 2689.
>>
>> Sweet. If you look at the preprocessor output, is it the DiveTripModel::COLUMNS
>> that is incorrectly expanded, or is it really the code generation?
>>
>> And given that Gaetan sees this on Arch... different compiler, right?
>>
>> WEIRD
>>
>
> apparently, the stack gets corrupted by out-of-bounds access...how?
> i'm not sure, but i won't disassemble this as there is an easy fix and
> we are doing something wrong.
>
> divelistview.cpp has this:
> static int defaultWidth[] = { 70, 140, 90, 50, 50, 50, 50,
> 70, 50, 50, 70, 50, 50, 5, 500};
>
> the loop uses the 'col' iterator which is clamped up to
> DiveTripModel::COLUMNS, but DiveTripModel::COLUMNS is larger than the
> N of elements in defaultWidth.
>
> so the first out-of-bound access to:
> defaultWidth[col]
>
> modifies the loop's limit to something like 2689 and it proceeds with
> the out-of-bound access until a SIGSEGV.
That makes more sense.
We need to figure out why we overwrite the stack! Can you set a memory
breakpoint to see where this happens?
> fixes:
> 1) add another element to defaultWidth[] for 'country' and iterate col
> up to the size of defaultWidth[].
can you submit a patch?
> 2) move defaultWidth as a method in DiveTripModel, for safety
What do you mean by that?
/D
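The two fixes Lubomir proposes, shown together as an added example that is not Subsurface's own code: the width table gets one entry per column and the loop is bounded by the table, and the table is reached only through a bounds-checked method on the model. `DiveTripModel::NR`, `DiveTripModel::COLUMNS` and the `defaultWidth` name come from the thread; the other enumerators (`DATE`, `DEPTH`, `COUNTRY`, `LOCATION`) and the width values are constructed stand-ins. The `static_assert` turns the exact mismatch described above (`COLUMNS` larger than the number of table entries) into a compile error instead of an out-of-bounds read at runtime.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Stand-in for Subsurface's DiveTripModel: NR and COLUMNS appear in the
// thread; DATE, DEPTH, COUNTRY and LOCATION are assumed placeholders.
struct DiveTripModel {
    enum Column { NR = 0, DATE, DEPTH, COUNTRY, LOCATION, COLUMNS };

    // Fix 2: callers never index the table themselves; the model owns it.
    static int defaultWidth(int col);
};

// Fix 1: one entry per enumerator, including 'country'. Values are constructed.
static const int defaultWidthTable[] = { 70, 140, 90, 70, 500 };
static constexpr std::size_t defaultWidthCount =
    sizeof(defaultWidthTable) / sizeof(defaultWidthTable[0]);

// The bug from the thread (COLUMNS larger than the table) now fails to build.
static_assert(defaultWidthCount == DiveTripModel::COLUMNS,
              "defaultWidth must have exactly one entry per DiveTripModel column");

int DiveTripModel::defaultWidth(int col)
{
    // Runtime guard for indices that do not come from the enum (e.g. a
    // column number read from settings); refuses instead of reading past
    // the end of the table.
    if (col < NR || static_cast<std::size_t>(col) >= defaultWidthCount)
        throw std::out_of_range("column index outside defaultWidth table");
    return defaultWidthTable[col];
}

// The loop from divelistview.cpp, with the widths it would apply returned
// so the result can be checked rather than handed to a view.
std::vector<int> collectColumnWidths()
{
    std::vector<int> applied;
    for (int col = DiveTripModel::NR; col < DiveTripModel::COLUMNS; ++col)
        applied.push_back(DiveTripModel::defaultWidth(col));
    return applied;
}

// True if the accessor rejects the index instead of reading out of bounds.
bool rejectsOutOfRange(int col)
{
    try {
        DiveTripModel::defaultWidth(col);
        return false;
    } catch (const std::out_of_range &) {
        return true;
    }
}
```

Dropping one entry from `defaultWidthTable` while leaving the enum alone makes the `static_assert` fire at compile time, which is the point: the loop bound and the table size can no longer drift apart silently.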