******************************************************************************
******************* IBIS ICM GOLDEN PARSER BUG REPORT FORM *******************
******************************************************************************
INSTRUCTIONS
To report a bug in the IBIS ICM golden parser, please fill out the top part
of the following form and send the complete form to icm-bug@eda.org.
A list of reported bugs will be maintained on eda.org.
******************************************************************************
PARSER VERSION NUMBER: 1.0.0
PLATFORM (SPARC, HP700, PC, etc.): IA32
OS AND VERSION: Linux and MS windows
REPORTED BY: Nilmoni Deb
DATE: 2004.12.1
DESCRIPTION OF BUG:
Running icmchk1 with the options "-v -v" on the following .icm file
causes a segmentation fault at line 260 of file src/messages.c which
has the statement:
msg->text = strdup(text);
The cause of this is traced to the fact that 'text' is fixed-size array
of size 1024 chars and suffers a buffer overflow.
In this case, the buffer overflow is caused by reading in a string that
is too long. The string is nothing but a long customary
disclaimer from the owner of the icm file. Note that disclaimers,
specifically those from private parties can be very large.
The solution is to increase the size of 'text' or alternatively
use dynamic allocation, if possible.
INSERT IBIS FILE DEMONSTRATING THE BUG:
|
|**************************************************************************
[Begin Header]
[ICM Ver] 1.0
[File Rev] 1.0
[File Name] bug1.icm
[Date] 12/1/2004
[Source] An example for parser bug illustration only
[Notes] The following information is only to illustrate a segmentation
fault in the ICM 1.0.0 parser due to excessive text block size.
Bug discovered by Nilmoni Deb, Intel Corp.
[Disclaimer] Blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
Blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
Blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
Blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
Blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
Blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
Blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
Blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah
blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
|
[Copyright] None
[Redistribution] No
[End Header]
|
|**************************************************************************
|
[Begin ICM Family] Example
[Manufacturer] Them Corporation
[ICM Family Description] A Simple BUG example
|
|**************************************************************************
|
[ICM Model List]
| Name Mating Min_Slew_Time Image
|----------------------------------------------------------------------------
RLGC-short Mated 1ns
|
|**************************************************************************
|Units below assumed to be meters
|
[Begin ICM Model] RLGC-short
ICM_model_type MLM
[Nodal Path Description]
Model_nodemap Die_side
N_section (P0 N0 OUTP0 OUTN0) Mult=1 ball
Model_nodemap Ball_side
[End ICM Model]
|**************************************************************************
|
[ICM Node Map] Die_side
| pin node name
1 P0 Transmit_P
2 N0 Transmit_N
[ICM Node Map] Ball_side
| pin node name
1 OUTP0 TransmitOut_P
2 OUTN0 TransmitOut_N
[End ICM Family]
|
|**************************************************************************
[Begin ICM Section] ball
[Derivation Method] Lumped
|
[Resistance Matrix] Full_matrix
[Row] 1
0.001 1.8e-005
[Row] 2
0.001
[Inductance Matrix] Full_matrix
[Row] 1
1.1e-011 1.5e-012
[Row] 2
1.1e-011
[Capacitance Matrix] Full_matrix
[Row] 1
1.1e-014 -1.5e-015
[Row] 2
1.1e-014
[End ICM Section] ball
[End]
******************************************************************************
******************** BELOW FOR ADMINISTRATION AND TRACKING *******************
******************************************************************************
BUG NUMBER: 1
SEVERITY: [FATAL, SEVERE, MODERATE, ANNOYING, ENHANCEMENT] MODERATE
PRIORITY: [HIGH, MEDIUM, LOW] MEDIUM
STATUS: [OPEN, CLOSED, WILL NOT FIX, NOT A BUG] CLOSED
FIXED VERSION: 1.1
FIXED DATE: March 13, 2005
NOTES ON BUG FIX: Classified at the December 10, 2004 IBIS Open Forum
teleconference.
To be fixed in the next release.
Fixed in ICMCHK1 version 1.1
Fix updated in ICMCHK1 version 1.1.2
******************************************************************************
******************************************************************************