Buffer overflow with long netname and long pin numbers
Bug #1098046 reported by
Jerome Marchand
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
pcb | Confirmed | Undecided | Unassigned | |
Bug Description
PCB crashes when trying to import a file containing net names longer than 61 characters.
The overflow occurs in CreateNewNet().
PCB crashes when mousing over a pin with a long pin number (over 252 characters).
The overflow occurs in ConnectionName().
I discovered these while testing the ipc-d-356 netlister. They are unlikely to occur (I'm not sure who would use 252 characters for a pin number) but should be easy to fix too...
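An added example, not part of the report and not taken from pcb's source: two ways to build a label from an untrusted net name without overflowing a fixed buffer. The 64-byte buffer and two-character prefix are assumptions chosen to match the 61-character limit reported above, and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout (not from pcb's source): 64-byte buffer holding a
 * two-character prefix plus the net name, so 2 + 61 + NUL = 64. */
#define LABEL_CAP 64
#define LABEL_FMT "  %s"

/* Pattern that overflows once the name exceeds 61 characters:
 *     char temp[LABEL_CAP];
 *     sprintf(temp, LABEL_FMT, name);
 */

/* Bounded variant: returns 0 on success, -1 if the label does not fit.
 * On failure dst is emptied rather than left truncated, so two long
 * names can never silently collapse into the same net. */
int net_label_bounded(char *dst, size_t cap, const char *name)
{
    int n = snprintf(dst, cap, LABEL_FMT, name);
    if (n < 0 || (size_t)n >= cap) {
        if (cap > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Heap variant: size the buffer from the input, so no length limit is
 * needed. Caller frees the result; NULL on failure. */
char *net_label_alloc(const char *name)
{
    int n = snprintf(NULL, 0, LABEL_FMT, name);
    if (n < 0)
        return NULL;
    char *label = malloc((size_t)n + 1);
    if (label != NULL)
        snprintf(label, (size_t)n + 1, LABEL_FMT, name);
    return label;
}

/* Constructed input: a name made of len 'x' characters. */
static const char *make_name(char *buf, size_t len)
{
    memset(buf, 'x', len);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    char name[512], label[LABEL_CAP];
    printf("61: %d\n", net_label_bounded(label, sizeof label, make_name(name, 61)));
    printf("62: %d\n", net_label_bounded(label, sizeof label, make_name(name, 62)));
    return 0;
}
```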
Changed in geda-project:
importance: Undecided → Critical
Changed in geda-project:
status: New → Confirmed
Changed in pcb:
status: New → Confirmed
I was able to reproduce both failures with current git head versions of pcb and geda-gaf.
I prepared a set of test cases with ridiculously long pinnumbers and netnames: stresstest. sch stresstest. pcb stresstest. sch stresstest. pcb
netname_
netname_
pin_number_
pin_number_
res_test.sym
To reproduce: stresstest. pcb
1) pcb netname_
2) file - import_schematic
→ immediate segfault
1) pcb pin_number_ stresstest. pcb l/pin_number_ stresstest. sch] 123456789_ 123456789_ 123456789) '
2) file - import_schematic
→ no rats added to the layout
→ message on stdout:
Loading schematic [/tmp/gedabaste
unknown action `3456789_
---<)kaimartin(>---