[med-svn] samtools 01/01: Fix Mayhem issues caused by unlimited reads of gz input
Andreas Tille
tille at debian.org
Mon Dec 21 12:24:17 UTC 2015
This is an automated email from the git hooks/post-receive script.
tille pushed a commit to branch debian/unstable
in repository samtools.
commit 0777f64201bd5b2f3ec128a771351f840bebd9aa
Author: Andreas Tille <tille at debian.org>
Date: Mon Dec 21 13:24:01 2015 +0100
Fix Mayhem issues caused by unlimited reads of gz input
---
debian/changelog | 4 ++-
debian/patches/mayhem.patch | 69 +++++++++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index f706a65..347fe77 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,8 +6,10 @@ samtools (1.2-4) UNRELEASED; urgency=medium
* Add lintian-override to document that the language extensions are used
internally
* Fix spelling
+ * Fix Mayhem issues caused by unlimited reads of gz input
+ Closes: #716199, #716197
- -- Andreas Tille <tille at debian.org> Tue, 22 Sep 2015 16:14:20 +0200
+ -- Andreas Tille <tille at debian.org> Mon, 21 Dec 2015 13:20:46 +0100
samtools (1.2-3) unstable; urgency=medium
diff --git a/debian/patches/mayhem.patch b/debian/patches/mayhem.patch
new file mode 100644
index 0000000..08b745c
--- /dev/null
+++ b/debian/patches/mayhem.patch
@@ -0,0 +1,69 @@
+Author: Andreas Tille <tille at debian.org>
+Last-Update: Mon, 21 Dec 2015 13:20:46 +0100
+Bug-Debian: https://bugs.debian.org/716197
+ https://bugs.debian.org/716199
+Description: Fix Mayhem issues caused by unlimited reads of gz input
+
+
+--- a/misc/maq2sam.c
++++ b/misc/maq2sam.c
+@@ -98,14 +98,37 @@ maqmap_t *maqmap_read_header(gzFile fp)
+ }
+ assert(mm->format == MAQMAP_FORMAT_NEW);
+ }
+- gzread(fp, &mm->n_ref, sizeof(int));
++ if ( gzread(fp, &mm->n_ref, sizeof(int)) < sizeof(int)) {
++ fprintf(stderr, "To few bytes in input file");
++ return NULL;
++ }
++ if (mm->n_ref < 0) {
++ fprintf(stderr, "Incorrect n_ref read from input file\n");
++ return NULL;
++ }
++ if ( gzeof(fp) ) {
++ fprintf(stderr, "Unexpected end of file.");
++ return NULL;
++ }
+ mm->ref_name = (char**)calloc(mm->n_ref, sizeof(char*));
+ for (k = 0; k != mm->n_ref; ++k) {
++ if ( gzeof(fp) ) {
++ fprintf(stderr, "Unexpected end of file.");
++ return NULL;
++ }
+ gzread(fp, &len, sizeof(int));
+ mm->ref_name[k] = (char*)malloc(len * sizeof(char));
++ if ( gzeof(fp) ) {
++ fprintf(stderr, "Unexpected end of file.");
++ return NULL;
++ }
+ gzread(fp, mm->ref_name[k], len);
+ }
+ /* read number of mapped reads */
++ if ( gzeof(fp) ) {
++ fprintf(stderr, "Unexpected end of file.");
++ return NULL;
++ }
+ gzread(fp, &mm->n_mapped_reads, sizeof(uint64_t));
+ return mm;
+ }
+@@ -117,6 +140,8 @@ void maq2tam_core(gzFile fp, const char
+ int ret;
+ m1 = &mm1;
+ mm = maqmap_read_header(fp);
++ if (!mm) exit(1);
++
+ while ((ret = gzread(fp, m1, sizeof(maqmap1_t))) == sizeof(maqmap1_t)) {
+ int j, flag = 0, se_mapq = m1->seq[MAX_READLEN-1];
+ if (m1->flag) flag |= 1;
+@@ -191,6 +216,11 @@ int main(int argc, char *argv[])
+ return 1;
+ }
+ fp = strcmp(argv[1], "-")? gzopen(argv[1], "r") : gzdopen(fileno(stdin), "r");
++ if (!fp ) {
++ fprintf(stderr, "Unable to open file %s", argv[1]);
++ fprintf(stderr, "Usage: maq2sam <in.map> [<readGroup>]\n");
++ return 1;
++ }
+ maq2tam_core(fp, argc > 2? argv[2] : 0);
+ gzclose(fp);
+ return 0;
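Review bot: The `gzeof()` checks added around the reads in `maqmap_read_header` do not bound the input, because `gzeof()` only reports end-of-file after a read has already come up short. `len` is still taken from the file and passed unchecked to `malloc()` and `gzread()`, and the results of those `gzread()` calls and of `calloc()`/`malloc()` are never tested. The one checked read, `gzread(fp, &mm->n_ref, sizeof(int)) < sizeof(int)`, compares an int with a `size_t`, so the -1 that `gzread()` returns on error converts to a large unsigned value and passes the check. Comparing each `gzread()` result with the requested size and rejecting a non-positive `len` covers truncated and malformed input directly, as sketched below; rejecting a zero `len` assumes every reference name is at least one byte, which should be confirmed against the format. The function starts outside the hunk, so whether `mm` needs freeing on the new `return NULL` paths cannot be judged from here.

```c
    if (gzread(fp, &mm->n_ref, sizeof(int)) != (int)sizeof(int) || mm->n_ref < 0) {
        fprintf(stderr, "Truncated or invalid n_ref in input file\n");
        return NULL;
    }
    mm->ref_name = (char**)calloc(mm->n_ref, sizeof(char*));
    if (mm->n_ref > 0 && !mm->ref_name) {
        fprintf(stderr, "Out of memory\n");
        return NULL;
    }
    for (k = 0; k != mm->n_ref; ++k) {
        if (gzread(fp, &len, sizeof(int)) != (int)sizeof(int) || len <= 0) {
            fprintf(stderr, "Truncated or invalid reference name length\n");
            return NULL;
        }
        mm->ref_name[k] = (char*)malloc(len * sizeof(char));
        if (!mm->ref_name[k] || gzread(fp, mm->ref_name[k], len) != len) {
            fprintf(stderr, "Truncated reference name\n");
            return NULL;
        }
    }
    /* read number of mapped reads */
    if (gzread(fp, &mm->n_mapped_reads, sizeof(uint64_t)) != (int)sizeof(uint64_t)) {
        fprintf(stderr, "Truncated header: missing n_mapped_reads\n");
        return NULL;
    }
    /* … unchanged: return mm … */
```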
diff --git a/debian/patches/series b/debian/patches/series
index b9ad524..02347fd 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
fix_segfault_with_small_ref.patch
dynamic-build.patch
i386-build.patch
+mayhem.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/samtools.git