Fix buffer read-overrun in bam_plp_insertion_mod.
We already validate CIGAR length vs sequence, but if we have SEQ '*'
then it passes those checks.  Unfortunately this means we read beyond
the end of sequence later on.
jkbonfield authored and daviesrob committed Nov 3, 2022
1 parent c91804c commit d7f6579
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions sam.c
Expand Up @@ -5352,8 +5352,10 @@ int bam_plp_insertion_mod(const bam_pileup1_t *p,
break;
case BAM_CINS:
for (l = 0; l < (cigar[k]>>BAM_CIGAR_SHIFT); l++, j++) {
c = seq_nt16_str[bam_seqi(bam_get_seq(p->b),
p->qpos + j - p->is_del)];
c = p->qpos + j - p->is_del < p->b->core.l_qseq
? seq_nt16_str[bam_seqi(bam_get_seq(p->b),
p->qpos + j - p->is_del)]
: 'N';
ins->s[indel++] = c;
int nm;
hts_base_mod mod[256];
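
Review bot: in the BAM_CINS loop the index expression `p->qpos + j - p->is_del` now appears twice, once in the bounds test and once in the bam_seqi() call, so a later edit to one copy could silently separate the check from the read. Compute it once into a local and use that in both places. The test only guards the upper bound against `p->b->core.l_qseq`; if the index can ever be negative for a malformed record, a lower-bound check belongs in the same condition. The fallback to 'N' also deserves a one-line comment naming the SEQ '*' case from the commit message, since nothing in the code says why a base inside an insertion can lie past the end of the stored sequence, and a regression test with a SEQ '*' record carrying an insertion in its CIGAR would keep this from coming back.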