nanoporetech/pod5-file-format

Potential buffer overflow and dead code in C API

Closed this issue · 3 comments

Hi,
I'm trying to read POD5 files with your C API. My problem comes specifically from the pod5_get_pore_type and pod5_get_end_reason functions. When I malloc a 16-char block for the end reason and an end reason larger than 16 chars is found, a buffer overflow occurs.
Specifically lines 663 to 667 contain:

   POD5_C_ASSIGN_OR_RAISE(auto const end_reason_val, batch->batch.get_end_reason(end_reason));
   *end_reason_string_value_size = end_reason_val.second.size() + 1;
   if (end_reason_val.second.size() >= *end_reason_string_value_size) {
       return POD5_ERROR_STRING_NOT_LONG_ENOUGH;
   }

My understanding is that said if contains dead code, hence a POD5_ERROR_STRING_NOT_LONG_ENOUGH error code is never returned, and thus a client application has no way of knowing whether the alloc'd memory is sufficient or not. Should I be checking the string value in another way?

Thanks,
Rafael.
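A minimal model of the dead check quoted above and of a corrected variant, as an added example and not pod5's own code: the copy_end_reason_* functions are hypothetical stand-ins for pod5_get_end_reason, and the end reason string is constructed.

```c
/* Added example, not pod5 code. Models the dead size check and a fixed form. */
#include <stddef.h>
#include <string.h>

enum { EX_OK = 0, EX_ERROR_STRING_NOT_LONG_ENOUGH = 1 };

/* Constructed sample value standing in for end_reason_val.second (26 chars). */
static const char SAMPLE_END_REASON[] = "signal_positive_mux_change";

/* Mirrors the quoted logic: the caller's size is overwritten *before* it is
 * compared, so "n >= n + 1" is never true and the copy always proceeds. */
int copy_end_reason_dead_check(char *out, size_t *out_size)
{
    size_t needed = strlen(SAMPLE_END_REASON) + 1;
    *out_size = needed;                          /* caller's limit is lost here */
    if (strlen(SAMPLE_END_REASON) >= *out_size)  /* dead: always false */
        return EX_ERROR_STRING_NOT_LONG_ENOUGH;
    memcpy(out, SAMPLE_END_REASON, needed);      /* overflows a 16-byte buffer */
    return EX_OK;
}

/* Corrected variant: compare against the caller's capacity first, and still
 * report the required size so the caller can retry with a larger buffer. */
int copy_end_reason_checked(char *out, size_t *out_size)
{
    size_t needed = strlen(SAMPLE_END_REASON) + 1;
    size_t capacity = *out_size;
    *out_size = needed;
    if (needed > capacity)
        return EX_ERROR_STRING_NOT_LONG_ENOUGH;
    memcpy(out, SAMPLE_END_REASON, needed);
    return EX_OK;
}

/* Callers that claim a 16-byte buffer, as in the issue. A 64-byte backing
 * buffer keeps the dead-check copy in bounds here; with a real 16-byte
 * allocation that variant would write past the end. */
int dead_check_result(void)
{
    char buf[64]; size_t n = 16;
    return copy_end_reason_dead_check(buf, &n);   /* EX_OK: check never fires */
}
int checked_result_small(void)
{
    char buf[64]; size_t n = 16;
    return copy_end_reason_checked(buf, &n);      /* EX_ERROR_STRING_NOT_LONG_ENOUGH */
}
int checked_result_large_ok(void)
{
    char buf[64]; size_t n = sizeof buf;
    if (copy_end_reason_checked(buf, &n) != EX_OK) return 0;
    return n == strlen(SAMPLE_END_REASON) + 1 && strcmp(buf, SAMPLE_END_REASON) == 0;
}
```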

Hi @Rafael-Cast, good catch. I'll get a fix and test in ASAP.

Thanks,

George

@Rafael-Cast ,

We've just released 0.2.0 which contains a fix for this issue.

Thank you very much for reporting this issue to us.

Rich

Thank you for the fix.

Rafael.