Buffer overflow with long netname and long pin numbers
Bug #1098046 reported by
Jerome Marchand
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gEDA project |
Confirmed
|
Critical
|
Unassigned | ||
| pcb |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
PCB crashes when trying to import a file containing net names longer than 61 characters.
The overflow occurs in CreateNewNet().
PCB crashes when mousing over a pin with a long pin number (over 252 characters).
The overflow occurs in ConnectionName()
I discovered these while testing the ipc-d-356 netlister. They are unlikely to occur (I'm not sure who would use 252 characters for a pin number) but should be easy to fix too...
| Changed in geda-project: | |
| importance: | Undecided → Critical |
Revision history for this message
| KaiMartin (kmk-familieknaak) wrote | #1 |
| Changed in geda-project: | |
| status: | New → Confirmed |
| Changed in pcb: | |
| status: | New → Confirmed |
To post a comment you must log in.
I was able to reproduce both failures with current git head versions of pcb and geda-gaf.
I prepared a set of test cases with ridiculously long pinnumbers and netnames:
netname_
netname_
pin_number_
pin_number_
res_test.sym
To reproduce:
1) pcb netname_
2) file - import_schematic
→ immediate segfault
1) pcb pin_number_
2) file - import_schematic
→ no rats added to the layout
→ message on stdout:
Loading schematic [/tmp/gedabaste
unknown action `3456789_
---<)kaimartin(>---