From 61cdf3436b3b63e869e2b4239d768d223a8d221e Mon Sep 17 00:00:00 2001
From: Ian McInerney <ian.s.mcinerney@ieee.org>
Date: Sat, 15 Aug 2020 22:06:10 +0100
Subject: [PATCH] Ensure PAINTER::Draw routines properly handle EDA_ITEM
 casting

EDA_ITEM is a child of VIEW_ITEM, so a static_cast is not appropriate,
since in some cases it could be called with a non-EDA_ITEM argument.
This was triggering an ASAN heap-buffer-overflow in GerbView.
---
 common/page_layout/ws_painter.cpp | 5 ++++-
 eeschema/sch_painter.cpp          | 5 ++++-
 gerbview/gerbview_painter.cpp     | 7 +++++--
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/common/page_layout/ws_painter.cpp b/common/page_layout/ws_painter.cpp
index fc4bb9e4f1..1151eca84c 100644
--- a/common/page_layout/ws_painter.cpp
+++ b/common/page_layout/ws_painter.cpp
@@ -217,7 +217,10 @@ wxString WS_DRAW_ITEM_LIST::BuildFullText( const wxString& aTextbase )
 
 bool KIGFX::WS_PAINTER::Draw( const VIEW_ITEM* aItem, int aLayer )
 {
-    auto item = static_cast<const EDA_ITEM*>( aItem );
+    auto item = dynamic_cast<const EDA_ITEM*>( aItem );
+
+    if( !item )
+        return false;
 
     switch( item->Type() )
     {
diff --git a/eeschema/sch_painter.cpp b/eeschema/sch_painter.cpp
index 350274136c..10c72809d7 100644
--- a/eeschema/sch_painter.cpp
+++ b/eeschema/sch_painter.cpp
@@ -165,9 +165,12 @@ SCH_PAINTER::SCH_PAINTER( GAL* aGal ) :
 
 bool SCH_PAINTER::Draw( const VIEW_ITEM *aItem, int aLayer )
 {
-    auto item2 = static_cast<const EDA_ITEM*>( aItem );
+    auto item2 = dynamic_cast<const EDA_ITEM*>( aItem );
     auto item = const_cast<EDA_ITEM*>( item2 );
 
+    if( !item2 )
+        return false;
+
 #ifdef CONNECTIVITY_DEBUG
 
     auto sch_item = dynamic_cast<SCH_ITEM*>( item );
diff --git a/gerbview/gerbview_painter.cpp b/gerbview/gerbview_painter.cpp
index 5f2cb4afb9..27c4c2a18f 100644
--- a/gerbview/gerbview_painter.cpp
+++ b/gerbview/gerbview_painter.cpp
@@ -104,7 +104,7 @@ void GERBVIEW_RENDER_SETTINGS::LoadDisplayOptions( const GBR_DISPLAY_OPTIONS& aO
 
 COLOR4D GERBVIEW_RENDER_SETTINGS::GetColor( const VIEW_ITEM* aItem, int aLayer ) const
 {
-    const EDA_ITEM* item = static_cast<const EDA_ITEM*>( aItem );
+    const EDA_ITEM* item = dynamic_cast<const EDA_ITEM*>( aItem );
     static const COLOR4D transparent = COLOR4D( 0, 0, 0, 0 );
     const GERBER_DRAW_ITEM* gbrItem = nullptr;
 
@@ -173,7 +173,10 @@ int GERBVIEW_PAINTER::getLineThickness( int aActualThickness ) const
 
 bool GERBVIEW_PAINTER::Draw( const VIEW_ITEM* aItem, int aLayer )
 {
-    const EDA_ITEM* item = static_cast<const EDA_ITEM*>( aItem );
+    const EDA_ITEM* item = dynamic_cast<const EDA_ITEM*>( aItem );
+
+    if( !item )
+        return false;
 
     // the "cast" applied in here clarifies which overloaded draw() is called
     switch( item->Type() )