kicad-developers team mailing list archive

Re: [PATCH] Fix buffer overflows in eeschema

 

> On Jun 25, 2015, at 5:16 AM, Wayne Stambaugh <stambaughw@xxxxxxxxx> wrote:
> 
> Chris,
> 
> Thanks for the patch.  I just want to let you know that this is one of
> those likely to be short-lived patches.  After the stable release, one
> of my first orders of business will be to write proper I/O management
> code similar to what we have for Pcbnew.  It will use code in
> richio.h/.cpp for parsing and formatting which takes care of the memory
> allocation issues.
> 
> Wayne

Wayne,

While you may consider it to be a short-term patch because the plan is to fix the root cause of the issues, we all know that a stable release will be the one that most of the regular users stick with for a long time, at least to the next stable release.

So the fix is a Good Thing and will hopefully eliminate some bug reports and user complaints.

-a


> 
> On 6/25/2015 12:37 AM, Chris Pavlina wrote:
>> Eeschema is _full_ of sscanf buffer overflow vulnerabilities, in almost 
>> every ::Load. This patch adds the proper field width specifiers to 
>> prevent the buffers from being smashed by an invalid or malicious input.
>> 
>> --
>> Chris
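
The fix described in the original message, as an added example (not code from the patch or from eeschema): a width-bounded sscanf that also detects the silent truncation the width causes. The record layout "P <name> <x> <y>", struct pin, parse_pin and the 15-character limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 15                 /* assumed limit; buffer holds NAME_LEN + NUL */
#define STR2(x) #x
#define STR(x) STR2(x)              /* turns NAME_LEN into the literal "15" */

struct pin { char name[NAME_LEN + 1]; int x, y; };

/* Parse a constructed record "P <name> <x> <y>".
 * Returns 0 on success, -1 if malformed, -2 if the name exceeds NAME_LEN. */
int parse_pin(const char *line, struct pin *out)
{
    int used = 0, x, y;
    char name[NAME_LEN + 1];

    /* The unbounded form, sscanf(line, "P %s", name), keeps writing until
     * it meets whitespace, whatever the size of name[]. With "%15s" the
     * write stops after 15 characters plus the terminating NUL. */
    if (sscanf(line, "P %" STR(NAME_LEN) "s%n", name, &used) != 1)
        return -1;

    /* The width truncates silently, so check what follows the token:
     * anything but whitespace or end of string means an over-long name. */
    if (line[used] != '\0' && !strchr(" \t\r\n", line[used]))
        return -2;

    if (sscanf(line + used, "%d %d", &x, &y) != 2)
        return -1;

    /* Commit only after the whole record has validated. */
    memcpy(out->name, name, strlen(name) + 1);
    out->x = x;
    out->y = y;
    return 0;
}

int main(void)
{
    struct pin p;
    const char *ok  = "P VCC 100 200";                          /* constructed */
    const char *big = "P AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1 2"; /* constructed */
    printf("%d %d\n", parse_pin(ok, &p), parse_pin(big, &p));
    return 0;
}
```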


