0df623bc76a0c81c38aed0ea9945808a605935b6 kate Thu May 18 17:01:41 2017 -0700 Protect against bad barChart files (where #expScores doesn't match expCount. refs #18736
diff --git src/hg/lib/barChartBed.c src/hg/lib/barChartBed.c
index 9784bc0..380400c 100644
--- src/hg/lib/barChartBed.c
+++ src/hg/lib/barChartBed.c
@@ -1,68 +1,71 @@
/* barChartBed.c was originally generated by the autoSql program, which also * generated barChartBed.h and barChartBed.sql. This module links the database and * the RAM representation of objects. */ #include "common.h" #include "linefile.h" #include "dystring.h" #include "jksql.h" #include "barChartBed.h" char *barChartBedCommaSepFieldNames = "chrom,chromStart,chromEnd,name,score,strand,name2,expCount,expScores,_dataOffset,_dataLen";
+#ifdef NOT_SAFE
struct barChartBed *barChartBedLoadByQuery(struct sqlConnection *conn, char *query) /* Load all barChartBed from table that satisfy the query given. * Where query is of the form 'select * from example where something=something' * or 'select example.* from example, anotherTable where example.something = * anotherTable.something'. * Dispose of this with barChartBedFreeList(). */ { struct barChartBed *list = NULL, *el; struct sqlResult *sr; char **row; sr = sqlGetResult(conn, query); while ((row = sqlNextRow(sr)) != NULL) { el = barChartBedLoad(row); slAddHead(&list, el); } slReverse(&list); sqlFreeResult(&sr); return list; }
+#endif
void barChartBedSaveToDb(struct sqlConnection *conn, struct barChartBed *el, char *tableName, int updateSize) /* Save barChartBed as a row to the table specified by tableName. * As blob fields may be arbitrary size updateSize specifies the approx size * of a string that would contain the entire query. Arrays of native types are * converted to comma separated strings and loaded as such, User defined types are * inserted as NULL. This function automatically escapes quoted strings for mysql.
*/ { struct dyString *update = newDyString(updateSize); char *expScoresArray; expScoresArray = sqlFloatArrayToString(el->expScores, el->expCount); sqlDyStringPrintf(update, "insert into %s values ( '%s',%u,%u,'%s',%u,'%s','%s',%u,'%s',%lld,%d)", tableName, el->chrom, el->chromStart, el->chromEnd, el->name, el->score, el->strand, el->name2, el->expCount, expScoresArray , el->_dataOffset, el->_dataLen); sqlUpdate(conn, update->string); freeDyString(&update); freez(&expScoresArray); }
+#ifdef NOT_SAFE
struct barChartBed *barChartBedLoad(char **row) /* Load a barChartBed from row fetched with select * from barChartBed * from database. Dispose of this with barChartBedFree(). */ { struct barChartBed *ret; AllocVar(ret); ret->expCount = sqlUnsigned(row[7]); ret->chrom = cloneString(row[0]); ret->chromStart = sqlUnsigned(row[1]); ret->chromEnd = sqlUnsigned(row[2]); ret->name = cloneString(row[3]); ret->score = sqlUnsigned(row[4]); safecpy(ret->strand, sizeof(ret->strand), row[5]); ret->name2 = cloneString(row[6]);
@@ -100,30 +103,32 @@
{ struct barChartBed *list = NULL, *el; struct lineFile *lf = lineFileOpen(fileName, TRUE); char *row[11]; while (lineFileNextCharRow(lf, chopper, row, ArraySize(row))) { el = barChartBedLoad(row); slAddHead(&list, el); } lineFileClose(&lf); slReverse(&list); return list; }
+#endif
+
struct barChartBed *barChartBedCommaIn(char **pS, struct barChartBed *ret) /* Create a barChartBed out of a comma separated string. * This will fill in ret if non-null, otherwise will * return a new barChartBed */ { char *s = *pS; if (ret == NULL) AllocVar(ret); ret->chrom = sqlStringComma(&s); ret->chromStart = sqlUnsignedComma(&s); ret->chromEnd = sqlUnsignedComma(&s); ret->name = sqlStringComma(&s); ret->score = sqlUnsignedComma(&s); sqlFixedStringComma(&s, ret->strand, sizeof(ret->strand));
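Review bot: The `#ifdef NOT_SAFE` added before barChartBedLoadByQuery, and again before barChartBedLoad (that second guard is closed by the `#endif` in the following hunk, after the file-loading function that calls barChartBedLoad), carries no comment saying what is unsafe about these loaders or what to call instead. Assuming the reason is the one the commit message gives, a line such as `/* Disabled: the autoSql loaders do not check that the number of expScores matches expCount; use barChartBedLoadOptionalOffsets() */` above each guard would record it. Because the file header says this module was generated by autoSql, it is worth adding there that regenerating the file will drop the guards. The prototypes in barChartBed.h are not part of this diff; if they remain declared, a caller of the disabled functions will compile and fail only at link time.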
@@ -274,79 +279,84 @@
struct bed *barChartSimpleBedLoad(char **row) /* Load a bed from row containing barChart bed fields. * This reuses autoSql barChartBedLoad, but with a full-size bed. Dispose of this with bedFree() */ { struct bed *ret; AllocVar(ret); ret->chrom = cloneString(row[0]); ret->chromStart = sqlUnsigned(row[1]); ret->chromEnd = sqlUnsigned(row[2]); ret->name = cloneString(row[3]); ret->score = sqlUnsigned(row[4]); safecpy(ret->strand, sizeof(ret->strand), row[5]); // name2 is in row[6] ret->expCount = sqlUnsigned(row[7]);
-{
int sizeOne; sqlFloatDynamicArray(row[8], &ret->expScores, &sizeOne);
-assert(sizeOne == ret->expCount);
+if (sizeOne != ret->expCount)
+ {
+ warn("expScores mismatch");
+ return NULL;
} return ret; } struct barChartBed *barChartBedLoadOptionalOffsets(char **row, boolean hasOffsets) /* Load a barChartBed from row fetched with select * from barChartBed * from database or file. Also supports schema lacking file offet and length for details. . Dispose of this with barChartBedFree().
*/ { struct barChartBed *ret; AllocVar(ret); ret->chrom = cloneString(row[0]); ret->chromStart = sqlUnsigned(row[1]); ret->chromEnd = sqlUnsigned(row[2]); ret->name = cloneString(row[3]); ret->score = sqlUnsigned(row[4]); safecpy(ret->strand, sizeof(ret->strand), row[5]); ret->name2 = cloneString(row[6]); ret->expCount = sqlUnsigned(row[7]);
-{
int sizeOne; sqlFloatDynamicArray(row[8], &ret->expScores, &sizeOne);
-assert(sizeOne == ret->expCount);
+if (sizeOne != ret->expCount)
+ {
+ warn("expScores mismatch");
+ return NULL;
} if (hasOffsets) { ret->_dataOffset = sqlLongLong(row[9]); ret->_dataLen = sqlSigned(row[10]); } return ret; } float barChartTotalValue(struct barChartBed *bed) /* Return total of all category values */ { int i; float sum = 0.0; for (i=0; iexpCount; i++) sum += bed->expScores[i]; return sum; } float barChartMaxValue(struct barChartBed *bed, int *categIdRet) /* Return value and id of category with highest value for this item */ { int i; float maxScore = 0.0;
-assert(categIdRet);
+if (!categIdRet)
+ return maxScore;
for (i=0; iexpCount; i++) { float score = bed->expScores[i]; if (score > maxScore) { maxScore = score; *categIdRet = i; } } return maxScore; }
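Review bot: Both new `return NULL;` paths, in barChartSimpleBedLoad and in barChartBedLoadOptionalOffsets, abandon `ret` along with its cloned strings and the expScores array that was just parsed, so each malformed row leaks; release it first with the disposer each function's comment names, `bedFree(&ret);` and `barChartBedFree(&ret);` respectively. Returning NULL is also a new contract for both loaders: their callers are outside this hunk, and any that dereference the result or hand it straight to `slAddHead` now need a NULL check, so the header comments should state "returns NULL after a warning when the number of expScores differs from expCount". The warning would be easier to act on if it named the item and both counts, for example `warn("expScores mismatch in %s: expCount %u, found %d", ret->name, ret->expCount, sizeOne);`, with the format adjusted to each struct's field types. In barChartMaxValue the added early return reports 0.0 for a NULL `categIdRet` rather than the actual maximum; guarding only the store, `if (categIdRet) *categIdRet = i;`, keeps the result correct, and note that `*categIdRet` is still never written when no score is above 0.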