On 6/25/2015 1:43 PM, Andy Peters wrote:
>
>> On Jun 25, 2015, at 5:16 AM, Wayne Stambaugh <[email protected]> wrote:
>>
>> Chris,
>>
>> Thanks for the patch. I just want to let you know that this is one of
>> those likely to be short-lived patches. After the stable release, one
>> of my first orders of business will be to write proper I/O management
>> code similar to what we have for Pcbnew. It will use code in
>> richio.h/.cpp for parsing and formatting which takes care of the memory
>> allocation issues.
>>
>> Wayne
>
> Wayne,
>
> While you may consider it to be a short-term patch because the plan is to fix
> the root cause of the issues, we all know that a stable release will be the
> one that most of the regular users stick with for a long time, at least to
> the next stable release.
>
> So the fix is a Good Thing and will hopefully eliminate some bug reports and
> user complaints.
I agree but I also wanted to let Chris know that future plans for
Eeschema will make the code he wrote obsolete. I want to keep developers
informed so they are not blindsided when some code they wrote goes away
in the future. It's a simple courtesy.

>
> -a
>
>
>>
>> On 6/25/2015 12:37 AM, Chris Pavlina wrote:
>>> Eeschema is _full_ of sscanf buffer overflow vulnerabilities, in almost
>>> every ::Load. This patch adds the proper field width specifiers to
>>> prevent the buffers from being smashed by an invalid or malicious input.
>>>
>>> --
>>> Chris
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : [email protected]
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp
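The field-width fix described in Chris Pavlina's message, shown as an added example that is not taken from the patch or from KiCad. The record layout, `NAME_LEN`, `struct field` and `parse_field` are hypothetical; the block also goes one step past the width specifier by using `%n` to detect a token that was cut short.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record "<type> <name> <x> <y>"; not Eeschema's real file format. */
#define NAME_LEN 31                 /* assumed buffer capacity, excluding NUL */
#define STR2(n) #n
#define STR(n)  STR2(n)             /* turns NAME_LEN into the literal "31" */

struct field {
    char type;
    char name[NAME_LEN + 1];
    int  x, y;
};

/* Unbounded form, the pattern the message describes:
 *     sscanf(line, "%c %s %d %d", &f->type, f->name, &f->x, &f->y);
 * "%s" copies the whole token, however long, into the 32-byte buffer. */

/* Bounded form. Returns 0 on success, -1 on a malformed line,
 * -2 when the name token is longer than the buffer. */
int parse_field(const char *line, struct field *f)
{
    int end = 0;

    memset(f, 0, sizeof *f);
    /* "%31s" stores at most 31 bytes plus the NUL; %n records where it stopped. */
    if (sscanf(line, "%c %" STR(NAME_LEN) "s%n", &f->type, f->name, &end) != 2)
        return -1;
    /* If the width cut the token short, the next byte is still part of it.
     * Reject instead of letting the tail be parsed as the next field. */
    if (line[end] != '\0' && !isspace((unsigned char)line[end]))
        return -2;
    if (sscanf(line + end, "%d %d", &f->x, &f->y) != 2)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample lines. */
    const char *ok  = "F Reference 100 200";
    const char *bad = "F AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1 2";
    struct field f;

    printf("%d\n", parse_field(ok, &f));
    printf("%d\n", parse_field(bad, &f));
    return 0;
}
```

The width in the format string must be the buffer size minus one, because `sscanf` appends the terminating NUL after the counted bytes.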

