1f55f129858863d78076fd3818d3841429741121
galt
  Mon Jan 29 01:35:45 2018 -0800
Fixing bug: sqlDyStringAppend() is not safe, and it is not needed. Using sqlDyStringPrintf instead.

diff --git src/hg/lib/annoStreamDb.c src/hg/lib/annoStreamDb.c
index 15b91dd..67bdc9d 100644
--- src/hg/lib/annoStreamDb.c
+++ src/hg/lib/annoStreamDb.c
@@ -338,55 +338,58 @@
     // Swap in explicit table name for bin field:
     char tableDotBin[PATH_LEN];
     safef(tableDotBin, sizeof(tableDotBin), "%s.bin", self->table);
     struct dyString *explicitBinConstraints = dyStringSub(binConstraints->string,
                                                           "bin", tableDotBin);
     dyStringAppend(query, explicitBinConstraints->string);
     dyStringFree(&explicitBinConstraints);
     dyStringFree(&binConstraints);
     }
 }
 
 static void addRangeToQuery(struct annoStreamDb *self, struct dyString *query,
                             char *chrom, uint start, uint end, boolean hasWhere)
 /* Add position constraints to query. */
 {
-sqlDyStringAppend(query, hasWhere ? " and " : " where ");
+if (hasWhere)
+    sqlDyStringPrintf(query, " and ");
+else
+    sqlDyStringPrintf(query, " where ");
 sqlDyStringPrintf(query, "%s.%s='%s'", self->table, self->chromField, chrom);
 uint chromSize = annoAssemblySeqSize(self->streamer.assembly, chrom);
 boolean addStartConstraint = (start > 0);
 boolean addEndConstraint = (end < chromSize);
 if (addStartConstraint || addEndConstraint)
     {
-    sqlDyStringAppend(query, "and ");
+    sqlDyStringPrintf(query, "and ");
     if (self->hasBin)
         addBinToQuery(self, start, end, query);
     if (addStartConstraint)
         {
         if (self->doNextChunk)
             sqlDyStringPrintf(query, "%s.%s >= %u ", self->table, self->startField, start);
         else
             // Make sure to include insertions at start:
             sqlDyStringPrintf(query, "(%s.%s > %u or (%s.%s = %s.%s and %s.%s = %u)) ",
                               self->table, self->endField, start,
                               self->table, self->endField, self->table, self->startField,
                               self->table, self->startField, start);
         }
     if (addEndConstraint)
         {
         if (addStartConstraint)
-            sqlDyStringAppend(query, "and ");
+            sqlDyStringPrintf(query, "and ");
         // Make sure to include insertions at end:
         sqlDyStringPrintf(query, "(%s.%s < %u or (%s.%s = %s.%s and %s.%s = %u)) ",
                           self->table, self->startField, end,
                           self->table, self->startField, self->table, self->endField,
                           self->table, self->endField, end);
         }
     }
 }
 
 static void asdDoQuerySimple(struct annoStreamDb *self, char *minChrom, uint minEnd)
 /* Return a sqlResult for a query on table items in position range.
  * If doing a whole genome query. just select all rows from table. */
 // NOTE: it would be possible to implement filters at this level, as in hgTables.
 {
 struct annoStreamer *streamer = &(self->streamer);
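Review bot: The unchanged `dyStringAppend(query, explicitBinConstraints->string);` near the top of this hunk still adds text to the same query without going through the SQL-safe formatter that the commit switches to in addRangeToQuery. That string comes from `dyStringSub` with `tableDotBin`, which is built from `self->table` using plain `safef`, so the table name appears to reach the query here without whatever checking `sqlDyStringPrintf` applies to its arguments. Where `self->table` is set is not visible in this hunk. If the raw append is intentional, a comment such as `// bin constraints are generated SQL plus self->table (validated at <where>); appended unescaped on purpose` would record the assumption; otherwise the table name should be validated before it is spliced in. The enclosing function starts above the hunk, so the origin of `binConstraints` needs confirming there.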