Potential buffer overflow and dead code in C API
Closed this issue · 3 comments
Hi,
I'm trying to read POD5 files with your C API. My problem comes specifically from the pod5_get_pore_type and pod5_get_end_reason functions. When I malloc a 16-char block for the end reason and an end reason larger than 16 chars is found, a buffer overflow occurs.
Specifically lines 663 to 667 contain:
POD5_C_ASSIGN_OR_RAISE(auto const end_reason_val, batch->batch.get_end_reason(end_reason));
*end_reason_string_value_size = end_reason_val.second.size() + 1;
if (end_reason_val.second.size() >= *end_reason_string_value_size) {
    return POD5_ERROR_STRING_NOT_LONG_ENOUGH;
}
My understanding is that said if contains dead code, hence a POD5_ERROR_STRING_NOT_LONG_ENOUGH error code is never returned, and thus a client application has no way of knowing whether the alloc'd memory is sufficient or not. Should I be checking the string value in another way?
Thanks,
Rafael.
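The following is an added illustration of the size-in/size-out pattern the issue is about; it is constructed for this thread and is not pod5 code. It isolates the check quoted above to show that it can never fire (the caller's capacity is overwritten by the required size before the comparison), and beside it puts a corrected variant that reads the caller's capacity first, always reports the required size, and only copies when the buffer is large enough, plus the query-then-allocate caller pattern that the corrected contract makes possible. The stored value `signal_positive`, the function names and the error codes are all assumptions for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_OK 0
#define EX_ERROR_STRING_NOT_LONG_ENOUGH 1

/* Hypothetical stored value; in a real library it would come from the batch. */
static const char *lookup_end_reason(void) {
    return "signal_positive";  /* 15 chars, 16 bytes with the terminator */
}

/* The check quoted in the issue, isolated: returns 1 if the "not long enough"
 * error would be reported for a caller buffer of caller_capacity bytes.
 * Because `size` is overwritten with len + 1 before the comparison, the test
 * is always `len >= len + 1`, which is false, so this returns 0 for any input. */
int buggy_check_reports_error(size_t caller_capacity) {
    size_t size = caller_capacity;
    size_t len = strlen(lookup_end_reason());
    size = len + 1;          /* clobbers the caller's capacity */
    return len >= size;      /* dead branch: never true */
}

/* Corrected contract: `*size` carries the caller's capacity in and the required
 * size out. The capacity is saved before `*size` is overwritten, and nothing is
 * written to `out` unless it fits. Passing out == NULL is a pure size query. */
int get_end_reason_fixed(char *out, size_t *size) {
    const char *val = lookup_end_reason();
    size_t needed = strlen(val) + 1;
    size_t capacity = *size;
    *size = needed;                      /* always report what is required */
    if (out == NULL || capacity < needed) {
        return EX_ERROR_STRING_NOT_LONG_ENOUGH;
    }
    memcpy(out, val, needed);            /* fits: copy including the NUL */
    return EX_OK;
}

/* Caller pattern the corrected contract enables: query size, allocate, fetch. */
int fetch_end_reason(char **out) {
    size_t size = 0;
    if (get_end_reason_fixed(NULL, &size) != EX_ERROR_STRING_NOT_LONG_ENOUGH) {
        return -1;
    }
    char *buf = malloc(size);
    if (buf == NULL) {
        return -1;
    }
    if (get_end_reason_fixed(buf, &size) != EX_OK) {
        free(buf);
        return -1;
    }
    *out = buf;
    return 0;
}

/* Helpers returning plain values so the behaviour can be checked directly. */
int fixed_rc_with_capacity(size_t capacity) {
    char *buf = malloc(capacity ? capacity : 1);
    size_t size = capacity;
    int rc = get_end_reason_fixed(buf, &size);
    free(buf);
    return rc;
}

size_t fixed_required_size(void) {
    size_t size = 0;
    get_end_reason_fixed(NULL, &size);
    return size;
}

int fetch_matches(const char *expected) {
    char *s = NULL;
    if (fetch_end_reason(&s) != 0) {
        return 0;
    }
    int ok = strcmp(s, expected) == 0;
    free(s);
    return ok;
}

int main(void) {
    printf("buggy check fires with 16-byte buffer? %d\n", buggy_check_reports_error(16));
    printf("buggy check fires with 1-byte buffer?  %d\n", buggy_check_reports_error(1));
    printf("fixed rc with 16-byte buffer: %d\n", fixed_rc_with_capacity(16));
    printf("fixed rc with 8-byte buffer:  %d\n", fixed_rc_with_capacity(8));
    printf("required size: %zu\n", fixed_required_size());
    return 0;
}
```

The essential difference is the order of operations: the corrected function saves the caller's capacity before it overwrites `*size`, so the comparison is against what the caller actually allocated. Reporting the required size on failure lets a client allocate exactly that much and call again, which is the usual contract for size-in/size-out C APIs.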
We've just released 0.2.0 which contains a fix for this issue.
Thank you very much for reporting this issue to us.
Rich
Thank you for the fix.
Rafael.