a803fd1b4604a2a90f26f92a2eecd77677c7e7f2 max Tue Dec 13 14:55:21 2016 -0800 fixing a buffer overflow that appears when one is pasting a long text into the positionbox. This has come up before but I cannot find the redmine now.
diff --git src/hg/lib/hdb.c src/hg/lib/hdb.c
index fd0000a..1f710e8 100644
--- src/hg/lib/hdb.c
+++ src/hg/lib/hdb.c
@@ -177,30 +177,32 @@ static struct chromInfo *mustGetChromInfo(char *db, char *chrom) /* Get chromInfo for named chrom from primary database or * die trying. */ { struct chromInfo *ci = hGetChromInfo(db, chrom); if (ci == NULL) errAbort("Couldn't find chromosome/scaffold %s in database", chrom); return ci; } char *hgOfficialChromName(char *db, char *name) /* Returns "canonical" name of chromosome or NULL * if not a chromosome. (Case-insensitive search w/sameWord()) */ {
+if (strlen(name) > HDB_MAX_CHROM_STRING)
+ return NULL;
 struct chromInfo *ci = NULL; char buf[HDB_MAX_CHROM_STRING]; strncpy(buf, name, HDB_MAX_CHROM_STRING); buf[HDB_MAX_CHROM_STRING-1] = 0; ci = hGetChromInfo(db, buf); if (ci != NULL) return cloneString(ci->chrom); else { if (hTableExists(db, "chromAlias")) { struct sqlConnection *conn = hAllocConn(db); char query[512]; char *chrom; sqlSafef(query, sizeof(query),
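Review bot: The length guard added at the top of hgOfficialChromName compares with `>`, so a name of exactly HDB_MAX_CHROM_STRING characters still passes. The `strncpy` / `buf[HDB_MAX_CHROM_STRING-1] = 0` pair below it then cuts off the last character, and the lookup runs on a name the caller never supplied. Using `if (strlen(name) >= HDB_MAX_CHROM_STRING)` rejects every input that does not fit together with its terminator, so the copy can no longer truncate. Because `name` can be pasted user text according to the commit message, a short comment such as `/* reject over-long input instead of looking up a truncated name */` would record why NULL is returned here. The function body continues past the end of the hunk.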
@@ -4845,31 +4847,31 @@ } hashElFreeList(&helList); if (retHashOfHash) *retHashOfHash = hashOfHash; else hashFree(&hashOfHash); return raList; } char *addCommasToPos(char *db, char *position) /* add commas to the numbers in a position * returns pointer to static */ {
-static char buffer[256];
+static char buffer[4096];
 long winStart, winEnd; // long to support virtual chrom char *chromName; char num1Buf[64], num2Buf[64]; /* big enough for 2^64 (and then some) */ if (position == NULL) return NULL; if (hgParseChromRangeLong(NULL, position, &chromName, &winStart, &winEnd)) { sprintLongWithCommas(num1Buf, winStart + 1); sprintLongWithCommas(num2Buf, winEnd); safef(buffer, sizeof(buffer), "%s:%s-%s",chromName, num1Buf, num2Buf); } else safecpy(buffer, sizeof(buffer), position);
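Review bot: Growing `buffer` from 256 to 4096 bytes in addCommasToPos moves the limit rather than removing it, because nothing visible in this hunk bounds the length of `position`. The `safecpy(buffer, sizeof(buffer), position)` fallback is the path that receives unparsed pasted text, so it can still be handed more than the buffer holds. If safef/safecpy abort on overflow (their definitions are not shown here, so this should be confirmed), a paste longer than 4095 characters ends the request the same way as before. An explicit length check next to the existing NULL check would make the behaviour deliberate, for example `if (strlen(position) >= sizeof(buffer)) return position;`, provided callers only read the result. The header comment could also state the limit, e.g. `* returns pointer to static; positions of 4096 bytes or more are not reformatted */`. The function continues past the end of the hunk.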