Avoid undefined behaviour integer overflow in extend_ref
Credit to OSS-Fuzz
Fixes oss-fuzz 64646
jkbonfield authored and daviesrob committed Dec 4, 2023
1 parent 927ed61 commit 3827169
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions cram/cram_encode.c
Expand Up @@ -1509,6 +1509,9 @@ static inline int extend_ref(char **ref, uint32_t (**hist)[5], hts_pos_t pos,
return 0;

// realloc
if (pos - ref_start > UINT_MAX)
return -2; // protect overflow in new_end calculation

hts_pos_t old_end = *ref_end ? *ref_end : ref_start;
hts_pos_t new_end = ref_start + 1000 + (pos-ref_start)*1.5;
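Review bot: The new guard `if (pos - ref_start > UINT_MAX)` bounds only the difference, while the `new_end` expression two lines below it still adds `ref_start` and is evaluated in floating point because of the `*1.5` before being converted back to `hts_pos_t`. If `ref_start` can be large on this path, that conversion can still go out of range, so it is worth either stating in the comment why `ref_start` is already bounded here or doing the growth in integer arithmetic with an explicit range check on the sum. Two smaller points: the `-2` return is a new value next to the visible `return 0;`, so a short comment on what `-2` means to callers would help, and the `// realloc` comment now sits above the guard rather than the reallocation code it describes.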
