Author: Heng Li <lh3@me.com>
Description: Fix CVE-2019-10269.
Origin: upstream, https://github.com/lh3/bwa/commit/20d0a13092aa4cb73230492b05f9697d5ef0b88e
Bug: https://github.com/lh3/bwa/pull/232
Bug-Debian: https://bugs.debian.org/926014
--- a/bntseq.c
+++ b/bntseq.c
@@ -197,7 +197,13 @@
}
while (c != '\n' && c != EOF) c = fgetc(fp);
i = 0;
- } else str[i++] = c; // FIXME: potential segfault here
+ } else {
+ if (i >= 1022) {
+ fprintf(stderr, "[E::%s] sequence name longer than 1023 characters. Abort!\n", __func__);
+ exit(1);
+ }
+ str[i++] = c;
+ }
}
kh_destroy(str, h);
fclose(fp);
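Review bot: The new guard `if (i >= 1022)` and its error text disagree: it aborts when the 1023rd character is about to be stored, so names of 1023 characters are rejected although the message says "longer than 1023 characters". The limit is also a bare literal with no visible link to the size of `str`, whose declaration lies outside the hunk, so a later change to that buffer would leave this bounds check silently stale. If `str` is a fixed-size array in this function, I would derive the bound from it, e.g. `if (i >= (int)sizeof(str) - 1) {`, and print the limit from the same expression so the two cannot drift apart. A short comment such as `// keep one byte free for the string terminator` would record why one slot is held back, assuming the terminator is written where the field ends, which is not shown here.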