[PATCH] Cochran: Fixed buffer overflow in _parser_foreach().

John Van Ostrand john at vanostrand.com
Wed Mar 16 10:55:24 PDT 2016


Break out of loop if less than a sample size remains.
---
 src/cochran_commander_parser.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/cochran_commander_parser.c b/src/cochran_commander_parser.c
index f3c3769..9271ac6 100644
--- a/src/cochran_commander_parser.c
+++ b/src/cochran_commander_parser.c
@@ -588,6 +588,10 @@ cochran_commander_parser_samples_foreach (dc_parser_t *abstract, dc_sample_callb
 			continue;
 		}
 
+		// Make sure we have a full sample
+		if (offset > size - layout->samplesize)
+			break;
+
 		// Depth is logged as change in feet, bit 0x40 means negative depth
 		if (s[0] & 0x40)
 			depth_qfeet -= (s[0] & 0x3f);
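Review bot: The new guard `if (offset > size - layout->samplesize)` computes `size - layout->samplesize` before comparing, so if `size` is an unsigned type (as it appears to be, given it is compared with `offset` and used as a buffer length) and the buffer is shorter than one sample, the subtraction wraps to a huge value and the guard never fires, leaving the `s[0]` read below it unprotected on exactly the short-buffer input the patch is meant to reject. Subtracting on the other side avoids the wrap: `if (size - offset < layout->samplesize) break;`, which is safe as long as the enclosing loop keeps `offset <= size` — the loop header is outside this hunk, so that precondition should be confirmed there. The event-skipping path that ends in the `continue` just above the guard also reads sample bytes before this check runs; if it reaches `s[0]` on its own it needs the same bounds test. The function `cochran_commander_parser_samples_foreach` starts before this hunk.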
@@ -617,46 +621,42 @@ cochran_commander_parser_samples_foreach (dc_parser_t *abstract, dc_sample_callb
 		}
 
 		// Cochran EMC models store NDL and deco stop time
-		// int the 20th to 23rd sample
+		// in the 20th to 23rd sample
 		if (layout->format == SAMPLE_EMC) {
 			// Find the next sample by skipping over any event bytes.
 			// This is only temporary so we can get NDL and deco stop
 			// times which span two samples.
-			const unsigned char *n = s + layout->samplesize;
 			cochran_events_t event;
-
-			while ((*n & 0x80) && n < samples + size) {
-				cochran_commander_get_event_info(*n, &event);
-				n += event.data_bytes;
-			}
+			static const unsigned char *last_sample = NULL;
 
 			// Tissue load is recorded across 20 samples, we ignore them
 			// NDL and deco stop time is recorded across the next 4 samples
 			// The first 2 are either NDL or stop time at deepest stop (if in deco)
 			// The next 2 are total deco stop time.
 			switch (time % 24) {
-			case 20:
+			case 21:
 				if (deco_obligation) {
 					/* Deco time for deepest stop, unused */
-					int deco_time = (s[2] + n[2] * 256 + 1) * 60;
+					int deco_time = (last_sample[2] + s[2] * 256 + 1) * 60;
 				} else {
 					/* Send deco NDL sample */
 					sample.deco.type = DC_DECO_NDL;
-					sample.deco.time = (s[2] + n[2] * 256 + 1) * 60; // seconds
+					sample.deco.time = (last_sample[2] + s[2] * 256 + 1) * 60; // seconds
 					sample.deco.depth = 0;
 					if (callback) callback (DC_SAMPLE_DECO, sample, userdata);
 				}
 				break;
-			case 22:
+			case 23:
 				/* Deco time, total obligation */
 				if (deco_obligation) {
 					sample.deco.type = DC_DECO_DECOSTOP;
 					sample.deco.depth = deco_ceiling * FEET;
-					sample.deco.time = (s[2] + n[2] * 256 + 1) * 60; // minutes
+					sample.deco.time = (last_sample[2] + s[2] * 256 + 1) * 60; // minutes
 					if (callback) callback (DC_SAMPLE_DECO, sample, userdata);
 				}
 				break;
 			}
+			last_sample = s;
 		}
 
 		time++;
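Review bot: `static const unsigned char *last_sample = NULL;` gives the lookback pointer function-static storage, so it survives across calls: a second `samples_foreach` invocation (or a parse of another dive in another thread) starts with `last_sample` pointing into whatever buffer the previous call was walking, which may already be freed, and `last_sample[2]` in cases 21 and 23 then reads through a stale pointer. The pointer only needs to persist across loop iterations, not across calls, so declare it as an ordinary local before the loop — `const unsigned char *last_sample = NULL;` (the loop head is outside this hunk) — and skip the NDL/deco computation when it is still NULL, e.g. `if (last_sample == NULL) break;` at the top of each case, so the first sample of a dive never dereferences it. Separately, the retained `// minutes` comment on the `DC_DECO_DECOSTOP` time line contradicts the `* 60` on the same line, which produces seconds as the NDL branch's comment says. The function continues past the end of this hunk.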
-- 
2.4.3


