← Back to team overview

kicad-developers team mailing list archive

Re: [PATCH] Fix buffer overflows in eeschema

 

Chris,

Thanks for the patch.  I just want to let you know that, this is one of
those likely to be short lived patches.  After the stable release, one
of my first orders of business will be to write proper I/O management
code similar to what we have for Pcbnew.  It will use code in
richio.h/.cpp for parsing and formatting which takes care of the memory
allocation issues.

Wayne

On 6/25/2015 12:37 AM, Chris Pavlina wrote:
> Eeschema is _full_ of sscanf buffer overflow vulnerabilities, in almost 
> every ::Load. This patch adds the proper field width specifiers to 
> prevent the buffers from being smashed by an invalid or malicious input.
> 
> --
> Chris
> 
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp
> 


Follow ups

References