b8bfa72d707fe00635dde1a5ab0af0c9105abec7
fanhsu
  Fri Dec 3 15:10:49 2010 -0800
Updated omimGeneBuffer[] to avoid buffer overflow.
diff --git src/hg/hgTracks/simpleTracks.c src/hg/hgTracks/simpleTracks.c
index 6dcc6fa..0cad3ba 100644
--- src/hg/hgTracks/simpleTracks.c
+++ src/hg/hgTracks/simpleTracks.c
@@ -10855,61 +10855,62 @@
 /* set the color to red if the entry is listed in morbidmap */
 safef(query, sizeof(query), "select geneSymbols from omimMorbidMap where omimId=%s", el->name);
 geneSymbols = sqlQuickString(conn, query);
 hFreeConn(&conn);
 if (geneSymbols != NULL)
     {
     return hvGfxFindColorIx(hvg, 255, 0, 0);
     }
 else
     {
     return hvGfxFindColorIx(hvg, 0, 0, 200);
     }
 }
 
 /* reserve space no more than 20 unique OMIM entries */
-char omimGeneBuffer[2000];
+#define OMIM_MAX_DESC_LEN 160
+char omimGeneBuffer[20 * OMIM_MAX_DESC_LEN];
 
 char *omimGeneDiseaseList(struct track *tg, struct bed *item)
 /* Return list of diseases associated with a OMIM entry */
 {
 struct sqlConnection *conn;
 char query[256];
 struct sqlResult *sr;
 char **row;
 char *chp;
 int i=0;
 
 conn = hAllocConn(database);
 
 safef(query,sizeof(query),
         "select distinct description from omimMorbidMap, omimGene where name='%s' and name=cast(omimId as char) order by description", item->name);
 sr = sqlMustGetResult(conn, query);
 row = sqlNextRow(sr);
 
 /* show up to 20 max entries */
 chp = omimGeneBuffer;
 while ((row != NULL) && i<20)
     {
     /* omimMorbidMap description field some times have trailing blanks. */
     eraseTrailingSpaces(row[0]);
     if (i != 0)
 	{
 	safef(chp, 3, "; ");
 	chp++;chp++;
 	}
-    safef(chp, 100, "%s", row[0]);
+    safecpy(chp, OMIM_MAX_DESC_LEN, row[0]);
     chp = chp+strlen(row[0]);
     row = sqlNextRow(sr);
     i++;
     }
 
 if ((i == 20) && (row != NULL))
     {
     safef(chp, 5, " ...");
     chp++;chp++;chp++;chp++;
     }
 
 *chp = '\0';
 
 hFreeConn(&conn);
 sqlFreeResult(&sr);
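Review bot: The new size `20 * OMIM_MAX_DESC_LEN` for omimGeneBuffer still leaves no room for the separators and terminator the loop writes: twenty descriptions of 159 characters, nineteen `"; "` separators, the trailing `" ..."` and the NUL come to 3223 bytes against a 3200-byte buffer. The bounds passed to `safef` and `safecpy` (3, OMIM_MAX_DESC_LEN and 5) are per-piece limits, not the space remaining after `chp`, so none of them catches that overrun. Either size the buffer for the worst case, `char omimGeneBuffer[20 * (OMIM_MAX_DESC_LEN + 2) + 5];`, or pass `sizeof(omimGeneBuffer) - (chp - omimGeneBuffer)` as the bound on every write. If safecpy aborts on an over-long source rather than truncating, as I believe it does, a description of 160 characters or more now ends the request, which deserves a comment next to the `#define`. The body of omimGeneDiseaseList continues past the end of the hunk.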