From d7c88780e1df54f34563d60bd7fa01011d2eef03 Mon Sep 17 00:00:00 2001
From: chenluhua1980 <Chenluhua@qq.com>
Date: 星期一, 26 一月 2026 23:17:17 +0800
Subject: [PATCH] 1.CSVData.cpp 里 unserialize 用了 8*2、125*2，但 serialize 只写 8 + 125 字节。 m_svRawData.insert 的 end 指针是 pszBuffer + 125*2，没有用 index 计算，可能把无效区域一起拷进去。 一旦 size 实际是 133（不是 266），就会直接越界，堆会被破坏，m_svDatas.clear() 在销毁元素时崩。

---
 SourceCode/Bond/Servo/CEqCassetteCtrlCmdStep.cpp |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/SourceCode/Bond/Servo/CEqCassetteCtrlCmdStep.cpp b/SourceCode/Bond/Servo/CEqCassetteCtrlCmdStep.cpp
index c59ab4d..63cf42b 100644
--- a/SourceCode/Bond/Servo/CEqCassetteCtrlCmdStep.cpp
+++ b/SourceCode/Bond/Servo/CEqCassetteCtrlCmdStep.cpp
@@ -23,17 +23,17 @@
 		int jobExistenceSize,
 		short slotProcess,
 		short jopCount,
-		CJobDataB* pJobDataB)
+		CJobDataA* pJobDataA)
 	{
 		ASSERT(jobExistenceSize == 12);
-		ASSERT(pJobDataB);
+		ASSERT(pJobDataA);
 
 		char szBuffer[1024] = { 0 };
 		memcpy(&szBuffer[0], &cmd, sizeof(short));
 		memcpy(&szBuffer[2], jobExistence, sizeof(short) * jobExistenceSize);
 		memcpy(&szBuffer[26], &slotProcess, sizeof(short));
 		memcpy(&szBuffer[36], &jopCount, sizeof(short));
-		int nLen = pJobDataB->serialize(&szBuffer[38], 1024 - 38);
+		int nLen = pJobDataA->serialize(&szBuffer[38], 1024 - 38);
 		return writeData(m_nCtrlCmdDev, (const char*)szBuffer, 38 + nLen);
 	}
 
@@ -41,9 +41,10 @@
 	{
 		CWriteStep::getAttributeVector(attrubutes);
 
+		unsigned int weight = 31;
 		std::string strTemp;
 		attrubutes.addAttribute(new CAttribute("Control Command Dev",
-			("W" + CToolUnits::toHexString(m_nCtrlCmdDev, strTemp)).c_str(), ""));
+			("W" + CToolUnits::toHexString(m_nCtrlCmdDev, strTemp)).c_str(), "", weight++));
 	}
 }
 

--
Gitblit v1.9.3