Buffer overflow while storing .alt file using bwa mem #232
+22
−2
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When using bwa mem and an .alt file containing a line greater than 1024 bytes in length, a buffer overflow results from storing .alt file contents into a 1024 byte static buffer. The
fgetc()
function is used in a loop to read an .alt file byte-by-byte. Each byte is manually stored in the static buffer until a line termination character is read. Exceeding the 1024 byte line size limit will overflow the buffer. This buffer overflow can be exploited to potentially gain arbitrary code execution on the system running bwa.The proposed commits obtain the size of the .alt file and dynamically allocate adequate memory to store the entire file. The
fseeko()
andftello()
functions are used to determine the size of the .alt file. Thecalloc()
function is used to dynamically allocate and initialize memory equal to the size of the file. Because enough memory is allocated to store the entire .alt file, the buffer overflow is mitigated in the commit code.