kicad-developers team mailing list archive

Re: [PATCH] Fix buffer overflows in eeschema

 


On 6/25/2015 1:43 PM, Andy Peters wrote:
> 
>> On Jun 25, 2015, at 5:16 AM, Wayne Stambaugh <stambaughw@xxxxxxxxx> wrote:
>>
>> Chris,
>>
>> Thanks for the patch.  I just want to let you know that this is one of
>> those likely to be short-lived patches.  After the stable release, one
>> of my first orders of business will be to write proper I/O management
>> code similar to what we have for Pcbnew.  It will use code in
>> richio.h/.cpp for parsing and formatting which takes care of the memory
>> allocation issues.
>>
>> Wayne
> 
> Wayne,
> 
> While you may consider it to be a short-term patch because the plan is to fix the root cause of the issues, we all know that a stable release will be the one that most of the regular users stick with for a long time, at least to the next stable release.
> 
> So the fix is a Good Thing and will hopefully eliminate some bug reports and user complaints.

I agree but I also wanted to let Chris know that future plans for
Eeschema will make the code he wrote obsolete.  I want to keep developers
informed so they are not blindsided when some code they wrote goes away
in the future.  It's a simple courtesy.

> 
> -a
> 
> 
>>
>> On 6/25/2015 12:37 AM, Chris Pavlina wrote:
>>> Eeschema is _full_ of sscanf buffer overflow vulnerabilities, in almost 
>>> every ::Load. This patch adds the proper field width specifiers to 
>>> prevent the buffers from being smashed by an invalid or malicious input.
>>>
>>> --
>>> Chris
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp
> 
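
The field-width fix Chris describes at the bottom of the thread, as an added example that is not part of the thread or of the KiCad patch. The record layout `F <name> <x> <y>`, the buffer size and the function names are assumptions made for illustration; the example also goes one step beyond the message by using `%n` to reject a token that the width limit would otherwise split silently.

```c
#include <stdio.h>

/* Constructed sizes and record layout ("F <name> <x> <y>"); not Eeschema's. */
#define NAME_WIDTH 15                 /* max token bytes %s may store */
#define NAME_SIZE  (NAME_WIDTH + 1)   /* +1: %s always appends a NUL  */
#define STR2(x) #x
#define STR(x)  STR2(x)
#define NAME_FMT "%" STR(NAME_WIDTH) "s"   /* expands to "%15s" */

/* Width only: memory-safe, but an overlong name is split silently and its
 * tail is handed to the next conversion. Returns sscanf's item count.
 * (An unbounded "%s" here would write past name[] on the same input.) */
int parse_width_only(const char *line, char name[NAME_SIZE], int *x, int *y)
{
    return sscanf(line, "F " NAME_FMT " %d %d", name, x, y);
}

/* Width plus %n: 0 on success, -1 malformed, -2 name longer than NAME_WIDTH. */
int parse_checked(const char *line, char name[NAME_SIZE], int *x, int *y)
{
    int used = 0, end = 0;

    if (sscanf(line, "F " NAME_FMT "%n", name, &used) != 1)
        return -1;
    if (line[used] != ' ')        /* end of line, or token cut at the limit */
        return line[used] == '\0' ? -1 : -2;
    if (sscanf(line + used, "%d %d%n", x, y, &end) != 2 ||
        line[used + end] != '\0') /* trailing junk after the numbers */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample input: one valid record, one with an 18-byte name. */
    const char *lines[] = { "F R1 100 200", "F AAAAAAAAAAAAAAA123 100 200" };
    char name[NAME_SIZE];

    for (int i = 0; i < 2; i++) {
        int x = 0, y = 0;
        int n = parse_width_only(lines[i], name, &x, &y);
        printf("width only: items=%d name=%s x=%d y=%d\n", n, name, x, y);
        printf("checked   : rc=%d\n", parse_checked(lines[i], name, &x, &y));
    }
    return 0;
}
```

On the second line the width-only parse still reports three items, with the tail of the name read as `x`, which is why the checked variant tests the byte that follows the token.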

