381513b45ce805dd0f5f68c3fc528e8e90dda504
hiram
  Thu Sep 5 14:44:28 2019 -0700
validate end coordinate for sequence request is within chromSize refs #24089

diff --git src/hg/hubApi/getData.c src/hg/hubApi/getData.c
index 28726c5..46b26e4 100644
--- src/hg/hubApi/getData.c
+++ src/hg/hubApi/getData.c
@@ -774,31 +774,35 @@
 if (chromSeqFileExists(db, chrom))
     {
     struct chromInfo *ci = hGetChromInfo(db, chrom);
     unsigned chromSize = ci->size;
     struct dnaSeq *seq = NULL;
 
     if (isEmpty(start) || isEmpty(end))
 	if (chromSize > MAX_DNA_LENGTH)
 	    apiErrAbort(err400, err400Msg, "DNA sequence request %d too large, limit: %u for endpoint '/getData/sequence?genome=%s;chrom=%s'", chromSize, MAX_DNA_LENGTH, db, chrom);
 	else
 	    seq = hChromSeqMixed(db, chrom, 0, 0);
     else
 	if ( (sqlSigned(end) - sqlSigned(start)) > MAX_DNA_LENGTH)
 	    apiErrAbort(err400, err400Msg, "DNA sequence request %d too large, limit: %u for endpoint '/getData/sequence?genome=%s;chrom=%s;start=%s;end=%s'", sqlSigned(end) - sqlSigned(start), MAX_DNA_LENGTH, db, chrom, start, end);
 	else
+	    {
+	    if (sqlSigned(end) > chromSize)
+		apiErrAbort(err400, err400Msg, "DNA sequence request end coordinate %d past end of chromosome size %d for endpoint '/getData/sequence?genome=%s;chrom=%s;start=%s;end=%s'", sqlSigned(end), chromSize, db, chrom, start, end);
 	    seq = hChromSeqMixed(db, chrom, sqlSigned(start), sqlSigned(end));
+	    }
 
     long endTime = clock1000();
     long long et = endTime - timeStart;
 
     if (NULL == seq)
         apiErrAbort(err400, err400Msg, "can not find sequence for chrom=%s for endpoint '/getData/sequence?genome=%s;chrom=%s'", chrom, db, chrom);
     struct jsonWrite *jw = apiStartOutput();
     if (isNotEmpty(hubUrl))
 	jsonWriteString(jw, "hubUrl", hubUrl);
     if (measureTiming)
 	jsonWriteNumber(jw, "dnaFetchTimeMs", et);
     jsonWriteString(jw, "genome", db);
     jsonWriteString(jw, "chrom", chrom);
     if (isEmpty(start) || isEmpty(end))
 	{