kicad-developers team mailing list archive

Thread
Date

Re: [PATCH] Fix buffer overflows in eeschema

To: kicad-developers@xxxxxxxxxxxxxxxxxxx
From: Wayne Stambaugh <stambaughw@xxxxxxxxx>
Date: Thu, 25 Jun 2015 08:16:35 -0400
In-reply-to: <20150625043738.GA6968@cmp-desktop>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1

Chris,

Thanks for the patch.  I just want to let you know that, this is one of
those likely to be short lived patches.  After the stable release, one
of my first orders of business will be to write proper I/O management
code similar to what we have for Pcbnew.  It will use code in
richio.h/.cpp for parsing and formatting which takes care of the memory
allocation issues.

Wayne

On 6/25/2015 12:37 AM, Chris Pavlina wrote:
> Eeschema is _full_ of sscanf buffer overflow vulnerabilities, in almost 
> every ::Load. This patch adds the proper field width specifiers to 
> prevent the buffers from being smashed by an invalid or malicious input.
> 
> --
> Chris
> 
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp
>

Follow ups

Re: [PATCH] Fix buffer overflows in eeschema
From: Andy Peters, 2015-06-25

References

[PATCH] Fix buffer overflows in eeschema
From: Chris Pavlina, 2015-06-25