Hi Phil,

Many thanks for finding, fixing, and reporting this bug. We'll incorporate the fix into our next release.

Cheers,
--Luis

On Wed, Jan 16, 2013 at 7:35 AM, Phil Charles <estofi...@gmail.com> wrote:
> Hi guys,
>
> I ran across a bug in Parsers/Algorithm2XML/Mascot2XML/MascotConverter.cxx
> while trying to work out why Mascot2XML was segfaulting on a particular
> Mascot dat file.
>
> On line 316 the 'nextpeptide' variable is defined to hold peptide
> sequences extracted from the dat file. It has a length of 128.
> 316: char nextpeptide[128];
>
> Then, on line 440, a value is assigned to nextpeptide, among other things,
> by sscanf (5th item, %s):
> 440: int result = sscanf(nextline, "%d %lf %lf %d %s %d %s %lf %s %d %d;%c",
> 441: &first, &mass, &massdiff, &nextionmatch, nextpeptide, &first,
>      nextmods, &nextionscore, discard, &first, &first, &nextc);
>
> However, sscanf isn't overflow safe, so if the peptide is more than 128
> residues (unlikely, yes, but not impossible, and it only needs one...) the
> remaining characters will overflow nextpeptide and overwrite whatever's
> next - on my build, this meant it overwrote the variable holding the MIME
> delimiter used to parse the dat file, which led to a later segfault as the
> spectra_ array wasn't populated. Incidentally, compiling with debug flags
> using 'make debug' seemed to solve the error, or at least prevent the
> segfault - not quite sure why this was (maybe it overflowed into something
> less critical), but it certainly made tracking down the issue a bit harder.
>
> The fix I applied was to increase the nextpeptide length and
> overflow-proof the sscanf with respect to this variable (although if you
> have a 1000 residue there's probably something else gone wrong!) with a
> length limit on that %s.
> 316: char nextpeptide[1000];
> ...
> 440: int result = sscanf(nextline, "%d %lf %lf %d %999s %d %s %lf %s %d %d;%c",
> 441: &first, &mass, &massdiff, &nextionmatch, nextpeptide, &first,
>      nextmods, &nextionscore, discard, &first, &first, &nextc);
>
> Cheers,
>
> Phil
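
Added example, not part of the original thread or the project's source: a bounded sscanf for the peptide field discussed above, simplified to the first five fields of the format. The width in %Ns counts stored characters and excludes the terminating NUL, so it must be the array size minus one; the check after the call rejects an over-long token instead of silently truncating it. parse_hit, make_line and the sample lines are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PEPTIDE_MAX   128   /* array size, as on the original line 316 */
#define PEPTIDE_WIDTH 127   /* scanf width: characters stored, NUL not counted */
#define STR_(x) #x
#define STR(x)  STR_(x)
_Static_assert(PEPTIDE_WIDTH == PEPTIDE_MAX - 1, "width must be size - 1");

/* Parse the first five fields of a hit line (simplified from the 12-field
 * format in the post). Returns 0 on success, -1 if fields are missing,
 * -2 if the peptide token does not fit and was rejected. */
int parse_hit(const char *line, char pep[PEPTIDE_MAX], int *ionmatch)
{
    int missed = 0, consumed = 0;
    double mass = 0.0, massdiff = 0.0;

    int n = sscanf(line, "%d %lf %lf %d %" STR(PEPTIDE_WIDTH) "s%n",
                   &missed, &mass, &massdiff, ionmatch, pep, &consumed);
    if (n != 5)
        return -1;
    /* A width-limited %s stops mid-token when the limit is hit. If the next
     * byte is not whitespace or end of string, the peptide was cut short and
     * every later field would be read from the wrong place. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return -2;
    return 0;
}

/* Build a constructed sample line whose peptide is peplen residues long. */
void make_line(char *out, size_t outsz, size_t peplen)
{
    int off = snprintf(out, outsz, "0 1234.56 0.01 7 ");
    while (peplen-- > 0 && (size_t)off + 4 < outsz)
        out[off++] = 'A';
    snprintf(out + off, outsz - (size_t)off, " 0");
}

int main(void)
{
    char line[512], pep[PEPTIDE_MAX];
    int ions = 0;
    make_line(line, sizeof line, 20);
    printf("20 residues:  %d\n", parse_hit(line, pep, &ions));
    make_line(line, sizeof line, 300);
    printf("300 residues: %d\n", parse_hit(line, pep, &ions));
    return 0;
}
```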