From d7c88780e1df54f34563d60bd7fa01011d2eef03 Mon Sep 17 00:00:00 2001
From: chenluhua1980 <Chenluhua@qq.com>
Date: 星期一, 26 一月 2026 23:17:17 +0800
Subject: [PATCH] 1.CSVData.cpp 里 unserialize 用了 8*2、125*2，但 serialize 只写 8 + 125 字节。 m_svRawData.insert 的 end 指针是 pszBuffer + 125*2，没有用 index 计算，可能把无效区域一起拷进去。 一旦 size 实际是 133（不是 266），就会直接越界，堆会被破坏，m_svDatas.clear() 在销毁元素时崩。

---
 SourceCode/Bond/Servo/CEqCassetteTransferStateStep.cpp |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/SourceCode/Bond/Servo/CEqCassetteTransferStateStep.cpp b/SourceCode/Bond/Servo/CEqCassetteTransferStateStep.cpp
index 22c85a7..2dc627e 100644
--- a/SourceCode/Bond/Servo/CEqCassetteTransferStateStep.cpp
+++ b/SourceCode/Bond/Servo/CEqCassetteTransferStateStep.cpp
@@ -25,23 +25,24 @@
 	{
 		CReadStep::getAttributeVector(attrubutes);
 
+		unsigned int weight = 31;
 		std::string strTemp;
 		attrubutes.addAttribute(new CAttribute("Dev",
-			("W" + CToolUnits::toHexString(m_nPortStatusDev, strTemp)).c_str(), ""));
+			("W" + CToolUnits::toHexString(m_nPortStatusDev, strTemp)).c_str(), "", weight++));
 		attrubutes.addAttribute(new CAttribute("Port Status",
-			getPortStatusDescription(strTemp).c_str(), ""));
+			getPortStatusDescription(strTemp).c_str(), "", weight++));
 		attrubutes.addAttribute(new CAttribute("CassetteSequenceNo",
-			std::to_string(m_nCassetteSequenceNo).c_str(), ""));
+			std::to_string(m_nCassetteSequenceNo).c_str(), "", weight++));
 		attrubutes.addAttribute(new CAttribute("CassetteID",
-			m_strCassetteID.c_str(), ""));
+			m_strCassetteID.c_str(), "", weight++));
 		attrubutes.addAttribute(new CAttribute("LoadingCassetteType",
-			getLoadingCassetteTypeDescription(strTemp).c_str(), ""));
+			getLoadingCassetteTypeDescription(strTemp).c_str(), "", weight++));
 		attrubutes.addAttribute(new CAttribute("Q-Time Flag",
-			getQTimeFlagDescription(strTemp).c_str(), ""));
+			getQTimeFlagDescription(strTemp).c_str(), "", weight++));
 		attrubutes.addAttribute(new CAttribute("CassetteMappingState",
-			getCassetteMappingStateDescription(strTemp).c_str(), ""));
+			getCassetteMappingStateDescription(strTemp).c_str(), "", weight++));
 		attrubutes.addAttribute(new CAttribute("CassetteStatus",
-			getCassetteStatusDescription(strTemp).c_str(), ""));
+			getCassetteStatusDescription(strTemp).c_str(), "", weight++));
 	}
 
 	int CEqCassetteTransferStateStep::onReadData()

--
Gitblit v1.9.3