Package: readseq
Version: 1-10
Severity: normal
Tags: patch

Hello,

looking at why readseq failed to build in Ubuntu trusty, gcc found a buffer overflow in ureadseq.c:

  In function 'strcpy',
      inlined from 'writeSeq' at ureadseq.c:1925:13:
  /usr/include/x86_64-linux-gnu/bits/string3.h:104:3: warning: call to __builtin___memcpy_chk will always overflow destination buffer [enabled by default]

which then got triggered by the test suite:

  Test of NCBI ASN.1 conversions:
  ./readseq -p -f=asn test.m-ig -otest.m-asn
  *** buffer overflow detected ***: ./readseq terminated

Looking at ureadseq.c:writeSeq() it's pretty obvious that

  char idword[31], endstr[10];    (line 1771)

and

  strcpy(endstr,"\"\n } } ,");    (line 1925)

won't match (the string copied is 14 bytes long).

Regards,
Michael

Index: readseq-1/ureadseq.c =================================================================== --- readseq-1.orig/ureadseq.c 2013-12-30 18:06:59.000000000 +0100 +++ readseq-1/ureadseq.c 2013-12-30 18:13:37.000000000 +0100 @@ -1768,7 +1768,7 @@ short linesout = 0, seqtype = kNucleic; long i, j, l, l1, ibase; - char idword[31], endstr[10]; + char idword[31], endstr[14]; char seqnamestore[128], *seqname = seqnamestore; char s[kMaxseqwidth], *cp; char nameform[10], numform[10], nocountsymbols[10];
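
Review bot: the new size in `char idword[31], endstr[14];` is a hand-counted constant that fits the literal copied at line 1925 exactly, with no slack, while the strcpy that overflowed stays unbounded. The report gives the copied string as 14 bytes, but the hunk does not show whether that count includes the terminating NUL; if it does not, strcpy still writes one byte past endstr. I would size endstr with a margin, or better, replace the copy at line 1925 with a bounded one such as snprintf(endstr, sizeof endstr, ...) so a later edit to the literal cannot reintroduce the overflow. The neighbouring fixed-size buffers in the same declaration block (`nameform[10]`, `numform[10]`, `nocountsymbols[10]`) are filled somewhere outside this hunk and deserve the same check.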