080a160c7b9595d516c9c70e83689a09b60839d0 galt Mon Jun 3 12:16:53 2013 -0700 fix SQL Injection
diff --git src/hg/lib/geneGraph.c src/hg/lib/geneGraph.c
index c4d5d80..58bd12c 100644
--- src/hg/lib/geneGraph.c
+++ src/hg/lib/geneGraph.c
@@ -218,31 +218,31 @@ struct ggVertex *vertices = gg->vertices; int i,j; UBYTE *vTypes; int *vPositions, *edgeStarts, *edgeEnds; AllocArray(translator, totalVertexCount); usedVertexCount = countUsed(gg, totalVertexCount, translator); for (i=0; i<totalVertexCount; ++i) { bool *waysOut = em[i]; for (j=0; j<totalVertexCount; ++j) if (waysOut[j]) ++edgeCount; } AllocVar(ag);
-snprintf(ag->strand, sizeof(ag->strand), "%s", gg->strand);
+safef(ag->strand, sizeof(ag->strand), "%s", gg->strand); ag->tName = cloneString(gg->tName); ag->tStart = gg->tStart; ag->tEnd = gg->tEnd; ag->vertexCount = usedVertexCount; ag->vTypes = AllocArray(vTypes, usedVertexCount); ag->vPositions = AllocArray(vPositions, usedVertexCount); ag->mrnaRefCount = gg->mrnaRefCount; AllocArray(ag->mrnaRefs, gg->mrnaRefCount); for(i=0; i < gg->mrnaRefCount; i++) { ag->mrnaRefs[i] = cloneString(gg->mrnaRefs[i]); } for (i=0,j=0; i<totalVertexCount; ++i) { 
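Review bot: The switch from snprintf to safef on the `ag->strand` copy changes the failure mode for an oversized source: snprintf silently truncated, whereas safef, as far as I know of the kent library, treats a string that does not fit as a fatal error. That is the safer behaviour, but it is not a SQL-injection fix, so the commit title does not explain why this line, and the identical strand copies in the hunks at 533 and 624, changed. A one-line comment such as `/* safef aborts rather than truncates if the strand string does not fit */` at each of the three sites would make the intent clear to a later reader. The enclosing function starts before this hunk and continues after it.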
@@ -412,31 +412,31 @@ { struct slInt *library = NULL, *tissue=NULL; library = hashMustFindVal(tissLibHash, gg->mrnaRefs[i]); gg->mrnaLibs[i] = library->val; tissue = library->next; assert(tissue); gg->mrnaTissues[i] = tissue->val; } else { struct sqlResult *sr = NULL; char **row = NULL; char query[256]; assert(gg->mrnaRefs[i]);
- snprintf(query, sizeof(query), "select library, tissue from gbCdnaInfo where acc='%s'", gg->mrnaRefs[i]);
+ sqlSafef(query, sizeof(query), "select library, tissue from gbCdnaInfo where acc='%s'", gg->mrnaRefs[i]); sr = sqlGetResult(conn, query); row = sqlNextRow(sr); if(row == NULL) errAbort("geneGraph.c::ggFillInTissuesAndLibraries() - Couldn't load library and tissue info for est: %s using query:\n%s", gg->mrnaRefs[i], query); gg->mrnaLibs[i] = sqlSigned(row[0]); gg->mrnaTissues[i] = sqlSigned(row[1]); sqlFreeResult(&sr); } } } boolean isSameGeneGraph(struct geneGraph *gg1, struct geneGraph *gg2) /* Returns true if the gene graphs are the same, otherwise returns false. */ { boolean allOk = TRUE; 
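Review bot: The `assert(gg->mrnaRefs[i])` immediately above the new sqlSafef call is the only guard on the value interpolated into the query, and it is compiled out under NDEBUG, so a NULL accession would then reach the `%s` conversion. Since the point of this change is to stop treating the accession text as trusted, make that guard unconditional: `if (gg->mrnaRefs[i] == NULL) errAbort("geneGraph.c::ggFillInTissuesAndLibraries() - NULL mrnaRef at index %d", i);`. A short comment at the call site, e.g. `/* sqlSafef escapes the accession; it is data, not a trusted literal */`, would also record why this site differs from the plain safef changes elsewhere in the commit. If sqlSafef adds a marker prefix to the formatted query, as I believe the kent library's implementation does, it is worth confirming that the 256-byte `query` buffer keeps enough headroom for an escaped accession. The enclosing function starts before this hunk; the hunk also takes in the opening of isSameGeneGraph.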
@@ -533,31 +533,31 @@ struct ggEvidence *ev = NULL; int i,j; UBYTE *vTypes; int *vPositions; AllocArray(translator, totalVertexCount); usedVertexCount = countUsed(gg, totalVertexCount, translator); for (i=0; i<totalVertexCount; ++i) { bool *waysOut = em[i]; for (j=0; j<totalVertexCount; ++j) if (waysOut[j] && gg->vertices[j].type != ggUnused) ++edgeCount; } AllocVar(ag);
-snprintf(ag->strand, sizeof(ag->strand), "%s", gg->strand);
+safef(ag->strand, sizeof(ag->strand), "%s", gg->strand); ag->tName = cloneString(gg->tName); ag->tStart = gg->tStart; ag->tEnd = gg->tEnd; ag->name = cloneString("NA"); ag->vertexCount = usedVertexCount; ag->vTypes = AllocArray(vTypes, usedVertexCount); ag->vPositions = AllocArray(vPositions, usedVertexCount); ag->mrnaRefCount = gg->mrnaRefCount; accessionList = newDyString(10*gg->mrnaRefCount); /* Have to print the accessions all out in the same string to conform to how the memory is handled later. */ for(i=0; i<gg->mrnaRefCount; i++) dyStringPrintf(accessionList, "%s,", gg->mrnaRefs[i]); sqlStringDynamicArray(accessionList->string, &ag->mrnaRefs, &ag->mrnaRefCount); dyStringFree(&accessionList); 
@@ -624,31 +624,31 @@ slReverse(&ag->evidence); freeMem(translator); return ag; } struct geneGraph *altGraphXToGG(struct altGraphX *ag) /* Convert an altGraphX to a geneGraph. Free with freeGeneGraph */ { struct geneGraph *gg = NULL; int i,j; AllocVar(gg); gg->tName = cloneString(ag->tName); gg->tStart = ag->tStart; gg->tEnd = ag->tEnd; gg->vertexCount = ag->vertexCount;
-snprintf(gg->strand, sizeof(gg->strand), "%s", ag->strand);
+safef(gg->strand, sizeof(gg->strand), "%s", ag->strand); gg->mrnaRefCount = ag->mrnaRefCount; gg->mrnaTissues = CloneArray(ag->mrnaTissues, ag->mrnaRefCount); gg->mrnaLibs = CloneArray(ag->mrnaLibs, ag->mrnaRefCount); AllocArray(gg->mrnaRefs, gg->mrnaRefCount); for(i=0; i<gg->mrnaRefCount; i++) gg->mrnaRefs[i] = cloneString(ag->mrnaRefs[i]); gg->edgeMatrix = altGraphXCreateEdgeMatrix(ag); /* will be free'd when geneGraph free'd */ AllocArray(gg->vertices, gg->vertexCount); for(i=0; i<gg->vertexCount; i++) { gg->vertices[i].position = ag->vPositions[i]; gg->vertices[i].type = ag->vTypes[i]; } AllocArray(gg->evidence, gg->vertexCount);