kicad-developers team mailing list archive

Thread
Date

Re: [PATCH] Fix use-after-release in SYMBOL_LIB_TABLE::Parse()

To: kicad-developers@xxxxxxxxxxxxxxxxxxx
From: jp charras <jp.charras@xxxxxxxxxx>
Date: Wed, 12 Jul 2017 20:41:53 +0200
In-reply-to: <87d198uzdl.fsf@urd.knielsen-hq.org>
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

Le 10/07/2017 à 16:42, Kristian Nielsen a écrit :
> Or maybe something like this patch instead, to not leak the row (sorry, I
> mixed up LIB_TABLE::InsertRow() in common/lib_table_base.cpp with the
> function of the same name in new/sch_lib_table.cpp; the latter uses an
> auto_ptr&, the former does not).
> 
> Or maybe this code is still in flux, and the ownership will be changed/fixed
> in other ways - in any case, just wanted to point out this, now that I saw
> it. The main point is to not use row->GetNickName() after giving up
> ownership of the pointer to InsertRow().
> 
>  - Kristian.
> 
> Kristian Nielsen <knielsen@xxxxxxxxxxxxxxx> writes:
> 
>> I stumbled upon this in SYMBOL_LIB_TABLE::Parse():
>>
>>     if( !InsertRow( row.release() ) )
>>     {
>>         wxString msg = wxString::Format(
>>                             _( "'%s' is a duplicate symbol library nickname" ),
>>                             GetChars( row->GetNickName() ) );
>>
>> I got a segfault from this, because the error message accesses row after
>> row.release() has given up ownership.

Hi Kristian,

Good catch!
Thanks for your help.

I just fixed a few issues and crashes when a footprint or a symbol lib table is incorrect.
Your patch really helped me in this fix.


-- 
Jean-Pierre CHARRAS

References

[PATCH] Fix use-after-release in SYMBOL_LIB_TABLE::Parse()
From: Kristian Nielsen, 2017-07-10
Re: [PATCH] Fix use-after-release in SYMBOL_LIB_TABLE::Parse()
From: Kristian Nielsen, 2017-07-10