Description: Catch potential integer overflow to buffer overflow
Bug-Debian: https://bugs.debian.org/1080069
Author: Andreas Tille <tille@debian.org>
Last-Update: 2024-12-03
--- a/SweeD_Input.c
+++ b/SweeD_Input.c
@@ -3342,7 +3342,11 @@ void readAlignmentMS(FILE *fp, alignment
int i, temp = fscanf(fp,"%*s %d %*s", &alignment->segsites);
assert(temp==1);
-
+
+ if (alignment->segsites <= 0 || alignment->segsites > MAXINT / sizeof(int)) {
+ fprintf(stderr, "\n ERROR: Integer overflow in allocation size for positionsInd (alignment->segsites = %d)\n", alignment->segsites);
+ exit(0);
+ }
alignment->positions = malloc(sizeof(float)*alignment->segsites);
alignment->positionsInd = malloc(sizeof(int)*alignment->segsites);
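Review bot: The new guard ends with `exit(0)`, so a rejected segsites value terminates the program with a success status and a calling script or pipeline cannot tell that the input was refused; `exit(1);` (or `exit(EXIT_FAILURE);`) fits this error path better. The bound uses `MAXINT`, which is not a standard C macro and is presumably supplied by a header outside this hunk; `INT_MAX` from `<limits.h>` would remove that dependency. The two `malloc` calls below the check are still not tested for NULL in the visible lines, so a large but accepted segsites value read from the input file may still fail to allocate and be dereferenced later in readAlignmentMS, whose body continues outside the hunk. The `assert(temp==1)` above the guard is the only check that fscanf actually parsed a number, and it disappears if the build defines NDEBUG, so it is worth replacing with a real `if (temp != 1)` error path that reports the malformed header and exits non-zero.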