openSUSE:Backports:SLE-15-SP3:Update
File CVE-2020-36403.diff of Package libhts
--- "a/vcf.c" 2021-07-04 16:38:43.204081102 +0200 +++ "b/vcf.c" 2021-07-04 16:42:07.517079937 +0200 @@ -2337,9 +2337,28 @@ v->errcode |= BCF_ERR_TAG_INVALID; return -1; } - align_mem(mem); + + if (align_mem(mem) < 0) { + // hts_log_error("Memory allocation failure at %s:%"PRIhts_pos, bcf_seqname_safe(h,v), v->pos+1); + v->errcode |= BCF_ERR_LIMITS; + return -1; + } + + // Limit the total memory to ~2Gb per VCF row. This should mean + // malformed VCF data is less likely to take excessive memory and/or + // time. + if ((uint64_t) mem->l + v->n_sample * (uint64_t)f->size > INT_MAX) { + // hts_log_error("Excessive memory required by FORMAT fields at %s:%"PRIhts_pos, bcf_seqname_safe(h,v), v->pos+1); + v->errcode |= BCF_ERR_LIMITS; + return -1; + } + f->offset = mem->l; - ks_resize(mem, mem->l + v->n_sample * f->size); + if (ks_resize(mem, mem->l + v->n_sample * (size_t)f->size) < 0) { + // hts_log_error("Memory allocation failure at %s:%"PRIhts_pos, bcf_seqname_safe(h,v), v->pos+1); + v->errcode |= BCF_ERR_LIMITS; + return -1; + } mem->l += v->n_sample * f->size; } for (j = 0; j < v->n_fmt; ++j)
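Review bot: the product v->n_sample * f->size is written three different ways in this hunk: with a (uint64_t) cast in the new limit check, with a (size_t) cast in the ks_resize call, and with no cast in the unchanged `mem->l += v->n_sample * f->size;` that follows. The uncast update relies on the preceding limit check to stay in range, and that dependency is implicit. Computing the product once into a local right after the limit check and using it for both the ks_resize argument and the mem->l update would make the sites agree and keep the bound and the arithmetic together. Separately, all three hts_log_error calls are commented out, and the align_mem failure, the ks_resize failure and the size limit all set the same BCF_ERR_LIMITS flag, so a caller cannot tell an allocation failure from a rejected oversized row. Either enable the logging or remove the dead lines and note in the patch why they are disabled.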