File CVE-2020-36403.diff of Package libhts

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2020-36403.diff of Package libhts

--- "a/vcf.c"	2021-07-04 16:38:43.204081102 +0200
+++ "b/vcf.c"	2021-07-04 16:42:07.517079937 +0200
@@ -2337,9 +2337,28 @@
             v->errcode |= BCF_ERR_TAG_INVALID;
             return -1;
         }
-        align_mem(mem);
+        
+        if (align_mem(mem) < 0) {
+            // hts_log_error("Memory allocation failure at %s:%"PRIhts_pos, bcf_seqname_safe(h,v), v->pos+1);
+            v->errcode |= BCF_ERR_LIMITS;
+            return -1;
+        }
+        
+        // Limit the total memory to ~2Gb per VCF row.  This should mean
+        // malformed VCF data is less likely to take excessive memory and/or
+        // time.
+        if ((uint64_t) mem->l + v->n_sample * (uint64_t)f->size > INT_MAX) {
+            // hts_log_error("Excessive memory required by FORMAT fields at %s:%"PRIhts_pos, bcf_seqname_safe(h,v), v->pos+1);
+            v->errcode |= BCF_ERR_LIMITS;
+            return -1;
+        }
+
         f->offset = mem->l;
-        ks_resize(mem, mem->l + v->n_sample * f->size);
+        if (ks_resize(mem, mem->l + v->n_sample * (size_t)f->size) < 0) {
+            // hts_log_error("Memory allocation failure at %s:%"PRIhts_pos, bcf_seqname_safe(h,v), v->pos+1);
+            v->errcode |= BCF_ERR_LIMITS;
+            return -1;
+        }
         mem->l += v->n_sample * f->size;
     }
     for (j = 0; j < v->n_fmt; ++j)

Places

File CVE-2020-36403.diff of Package libhts

Places