******************************************************************************
******************* IBIS ICM GOLDEN PARSER BUG REPORT FORM *******************
******************************************************************************

INSTRUCTIONS

To report a bug in the IBIS ICM golden parser, please fill out the top part
of the following form and send the complete form to icm-bug@eda.org. A list
of reported bugs will be maintained on eda.org.

******************************************************************************

PARSER VERSION NUMBER: 1.0.0

PLATFORM (SPARC, HP700, PC, etc.): IA32

OS AND VERSION: Linux and MS Windows

REPORTED BY: Nilmoni Deb

DATE: 2004.12.1

DESCRIPTION OF BUG:

Running icmchk1 with the options "-v -v" on the following .icm file causes a
segmentation fault at line 260 of file src/messages.c which has the statement:

    msg->text = strdup(text);

The cause of this is traced to the fact that 'text' is a fixed-size array of
size 1024 chars and suffers a buffer overflow. In this case, the buffer
overflow is caused by reading in a string that is too long. The string is
nothing but a long customary disclaimer from the owner of the icm file. Note
that disclaimers, specifically those from private parties, can be very large.

The solution is to increase the size of 'text' or alternatively use dynamic
allocation, if possible.

INSERT IBIS FILE DEMONSTRATING THE BUG:

|
|**************************************************************************
[Begin Header]
[ICM Ver] 1.0
[File Rev] 1.0
[File Name] bug1.icm
[Date] 12/1/2004
[Source] An example for parser bug illustration only
[Notes] The following information is only to illustrate a segmentation
fault in the ICM 1.0.0 parser due to excessive text block size.
Bug discovered by Nilmoni Deb, Intel Corp.
[Disclaimer] Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. 
Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
|
[Copyright] None
[Redistribution] No
[End Header]
|
|**************************************************************************
|
[Begin ICM Family] Example
[Manufacturer] Them Corporation
[ICM Family Description] A Simple BUG example
|
|**************************************************************************
|
[ICM Model List]
| Name          Mating     Min_Slew_Time     Image
|----------------------------------------------------------------------------
RLGC-short      Mated      1ns
|
|**************************************************************************
|Units below assumed to be meters
|
[Begin ICM Model] RLGC-short
ICM_model_type MLM
[Nodal Path Description]
Model_nodemap Die_side
N_section (P0 N0 OUTP0 OUTN0) Mult=1 ball
Model_nodemap Ball_side
[End ICM Model]
|**************************************************************************
|
[ICM Node Map] Die_side
| pin     node      name
1         P0        Transmit_P
2         N0        Transmit_N
[ICM Node Map] Ball_side
| pin     node      name
1         OUTP0     TransmitOut_P
2         OUTN0     TransmitOut_N
[End ICM Family]
|
|**************************************************************************
[Begin ICM Section] ball
[Derivation Method] Lumped
|
[Resistance Matrix] Full_matrix
[Row] 1
0.001 1.8e-005
[Row] 2
0.001
[Inductance Matrix] Full_matrix
[Row] 1
1.1e-011 1.5e-012
[Row] 2
1.1e-011
[Capacitance Matrix] Full_matrix
[Row] 1
1.1e-014 -1.5e-015
[Row] 2
1.1e-014
[End ICM Section] ball
[End]

******************************************************************************
******************** BELOW FOR ADMINISTRATION AND TRACKING *******************
******************************************************************************

BUG NUMBER: 1

SEVERITY: [FATAL, SEVERE, MODERATE, ANNOYING, ENHANCEMENT] MODERATE

PRIORITY: [HIGH, MEDIUM, LOW] MEDIUM

STATUS: [OPEN, CLOSED, WILL NOT FIX,
NOT A BUG] CLOSED

FIXED VERSION: 1.1

FIXED DATE: March 13, 2005

NOTES ON BUG FIX:

Classified at the December 10, 2004 IBIS Open Forum teleconference.
To be fixed in the next release.
Fixed in ICMCHK1 version 1.1
Fix updated in ICMCHK1 version 1.1.2

******************************************************************************
******************************************************************************
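
The dynamic-allocation remedy suggested in the bug description, as an added example in C; it is not code from the icmchk1 sources or from the actual fix. The textbuf type and the join_text_block function are hypothetical names, and joining the lines of a text block with a single space is an assumption about how the parser accumulates them.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; not a type from the icmchk1 sources. */
struct textbuf {
    char  *data;   /* NUL-terminated once anything has been appended */
    size_t len;    /* bytes used, excluding the terminator */
    size_t cap;    /* bytes allocated */
};

/* Append n bytes of s. Returns 0 on success, -1 on size overflow or OOM;
 * on failure the buffer is unchanged and still valid. */
static int textbuf_append(struct textbuf *b, const char *s, size_t n)
{
    if (n >= SIZE_MAX - b->len) return -1;    /* len + n + 1 would wrap */
    size_t need = b->len + n + 1;
    if (need > b->cap) {
        size_t cap = b->cap ? b->cap : 1024;  /* start at the old fixed size */
        while (cap < need) {
            if (cap > SIZE_MAX / 2) { cap = need; break; }
            cap *= 2;
        }
        char *p = realloc(b->data, cap);
        if (p == NULL) return -1;
        b->data = p;
        b->cap = cap;
    }
    memcpy(b->data + b->len, s, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

/* Join the lines of one text block (for example a [Disclaimer]) with
 * spaces. Returns a heap string of any length, or NULL on failure.
 * The caller frees the result. */
char *join_text_block(const char *const *lines, size_t count)
{
    struct textbuf b = {0};
    for (size_t i = 0; i < count; i++) {
        if ((i > 0 && textbuf_append(&b, " ", 1) != 0) ||
            textbuf_append(&b, lines[i], strlen(lines[i])) != 0) {
            free(b.data);
            return NULL;
        }
    }
    return b.data ? b.data : calloc(1, 1);    /* empty block: "" */
}
```

Because the result is already heap-allocated and sized to the input, it can be stored directly where the original code called strdup on the fixed array.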