Fix integer overflow in cram_compress_block2

The figure used here is somewhat arbitrary as it's simply a marker for something considerably worse than no compression, given it's used in places where the compression wasn't applied or fails. Although sz is long, it may get other modifiers and the CRAM block size is int so UINT_MAX seems like a natural "larger than possible" value to use. Credit to OSS-Fuzz Fixes oss-fuzz 64616
samtools · Dec 4, 2023 · 8db4cfa · 8db4cfa
1 parent 3827169
commit 8db4cfa
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/cram/cram_io.c b/cram/cram_io.c
@@ -2079,10 +2079,10 @@ int cram_compress_block2(cram_fd *fd, cram_slice *s,
                     } else if (c) {
                         free(c);
                     } else {
-                        sz[m] = b->uncomp_size*2+1000; // arbitrarily worse than raw
+                        sz[m] = UINT_MAX; // arbitrarily worse than raw
                     }
                 } else {
-                    sz[m] = b->uncomp_size*2+1000; // arbitrarily worse than raw
+                    sz[m] = UINT_MAX; // arbitrarily worse than raw
                 }
             }