From d7c88780e1df54f34563d60bd7fa01011d2eef03 Mon Sep 17 00:00:00 2001
From: chenluhua1980 <Chenluhua@qq.com>
Date: 星期一, 26 一月 2026 23:17:17 +0800
Subject: [PATCH] 1.CSVData.cpp 里 unserialize 用了 8*2、125*2,但 serialize 只写 8 + 125 字节。 m_svRawData.insert 的 end 指针是 pszBuffer + 125*2,没有用 index 计算,可能把无效区域一起拷进去。 一旦 size 实际是 133(不是 266),就会直接越界,堆会被破坏,m_svDatas.clear() 在销毁元素时崩。

---
 SourceCode/Bond/Servo/CJobDataS.cpp |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/SourceCode/Bond/Servo/CJobDataS.cpp b/SourceCode/Bond/Servo/CJobDataS.cpp
index db1bf0d..2231b0b 100644
--- a/SourceCode/Bond/Servo/CJobDataS.cpp
+++ b/SourceCode/Bond/Servo/CJobDataS.cpp
@@ -143,7 +143,7 @@
 		m_pOwner = pOwner;
 	}
 
-	int CJobDataS::getCassetteSequenceNo()
+	int CJobDataS::getCassetteSequenceNo() const
 	{
 		return m_nCassetteSequenceNo;
 	}
@@ -153,7 +153,7 @@
 		m_nCassetteSequenceNo = no;
 	}
 
-	int CJobDataS::getJobSequenceNo()
+	int CJobDataS::getJobSequenceNo() const
 	{
 		return m_nJobSequenceNo;
 	}
@@ -457,7 +457,7 @@
 
 	int CJobDataS::serialize(char* pszBuffer, int nBufferSize)
 	{
-		if (nBufferSize < 256 * 2) return -1;
+		if (nBufferSize < JOBDATAS_SIZE) return -1;
 
 		int index = 0;
 		memcpy(&pszBuffer[index], &m_nCassetteSequenceNo, sizeof(short));
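Review bot: Nothing visible ties JOBDATAS_SIZE in the new guard `if (nBufferSize < JOBDATAS_SIZE) return -1;` to the number of bytes the memcpy sequence below actually writes; the constant is defined outside this patch. If a field is later added without growing the constant, the guard still passes and the writes can run past the caller's buffer, so I would add `assert(index <= JOBDATAS_SIZE);` just before the return. The first memcpy also copies `sizeof(short)` bytes from `m_nCassetteSequenceNo`, which its getter returns as `int`. If the member really is an int, only its low-order half is stored, and only on little-endian hosts, which deserves a comment such as `// wire format: 16-bit, value must fit in a short`. serialize's body continues outside the hunk.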
@@ -558,7 +558,7 @@
 		memcpy(&pszBuffer[index], &m_nProductJudge, sizeof(short));
 		index += sizeof(short);
 
-		return 256 * 2;
+		return JOBDATAS_SIZE;
 	}
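Review bot: `return JOBDATAS_SIZE;` tells the caller the whole record is valid even when `index` stopped short of it, so any bytes between `index` and JOBDATAS_SIZE are whatever the buffer held before the call. Unless the part of serialize outside this hunk already clears the buffer, add `memset(pszBuffer, 0, JOBDATAS_SIZE);` directly after the size check, so the padding is deterministic and stale memory is not persisted or sent to a peer. If JOBDATAS_SIZE differs from the previous `256 * 2`, records produced by older builds will no longer have the expected length, so the reading side needs a length or version check for them.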
 
 	int CJobDataS::unserialize(const char* pszBuffer, int nBufferSize)
@@ -618,9 +618,9 @@
 		index += sizeof(short);
 
 		memcpy(&m_nQTime[1], &pszBuffer[index], sizeof(short));
-		index += sizeof(int);
+		index += sizeof(short);
 
-		memcpy(&m_nQTime[2], &pszBuffer[index], sizeof(int));
+		memcpy(&m_nQTime[2], &pszBuffer[index], sizeof(short));
 		index += sizeof(short);
 
 		memcpy(&m_nQTimeOverFlag, &pszBuffer[index], sizeof(short));
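Review bot: The corrected `memcpy(&m_nQTime[2], &pszBuffer[index], sizeof(short));` writes two bytes straight into the array element, and the removed line's `sizeof(int)` suggests the elements may be int. If they are, the upper bytes keep their previous contents and negative values are not sign-extended; the same applies to `m_nQTime[1]` above. Reading through a temporary avoids this: `short v; memcpy(&v, &pszBuffer[index], sizeof(v)); m_nQTime[2] = v;`. The commit message describes heap corruption when the input is shorter than expected, but the length check at the top of unserialize is outside this hunk, so please confirm it rejects `nBufferSize < JOBDATAS_SIZE` before the first memcpy.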

--
Gitblit v1.9.3