kicad-developers team mailing list archive

Thread
Date

Possibility of uninitialised variable in RN_DATA::Add

To: Kicad Developers <kicad-developers@xxxxxxxxxxxxxxxxxxx>
From: John Beard <john.j.beard@xxxxxxxxx>
Date: Sat, 24 Sep 2016 02:01:48 +0800

Hi,

If RN_DATA::Add is called with a BOARD_ITEM* aItem where
aItem->IsConnected() fails (and it's not a module or netinfo item),
the index into the vector is uninitialised, which could segfault the
vector access.

The attached patch initialises it to the ORPHANED value, and then
makes sure it's been set to something valid so the vector can be
safely indexed.

I also added an assert to document that all paths (i.e. first if
statement) must correctly lengthen the vector if needed.

Cheers,

John

From 5f2a8bcfdc3e5e7a9c99545491ba73592ec834b6 Mon Sep 17 00:00:00 2001
From: John Beard <john.j.beard@xxxxxxxxx>
Date: Fri, 23 Sep 2016 22:16:31 +0800
Subject: [PATCH] Protect against uninitialised netcodes when adding to RN_DATA

---
 pcbnew/ratsnest_data.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pcbnew/ratsnest_data.cpp b/pcbnew/ratsnest_data.cpp
index 96783c6..be19548 100644
--- a/pcbnew/ratsnest_data.cpp
+++ b/pcbnew/ratsnest_data.cpp
@@ -1069,7 +1069,7 @@ void RN_NET::processPads()
 
 bool RN_DATA::Add( const BOARD_ITEM* aItem )
 {
-    int net;
+    int net = NETINFO_LIST::ORPHANED;
 
     if( aItem->IsConnected() )
     {
@@ -1112,6 +1112,12 @@ bool RN_DATA::Add( const BOARD_ITEM* aItem )
         return true;
     }
 
+    if( net == NETINFO_LIST::ORPHANED )
+        return false;
+
+    // If the netcode is set, it should be valid for indexing into vector
+    assert( net < (int) m_nets.size() );
+
     switch( aItem->Type() )
     {
     case PCB_PAD_T:
-- 
2.9.3

Follow ups

Re: Possibility of uninitialised variable in RN_DATA::Add
From: Maciej Sumiński, 2016-09-25
Re: Possibility of uninitialised variable in RN_DATA::Add
From: Wayne Stambaugh, 2016-09-23