Closed
Description
The attached file triggers an out-of-bounds read in cram_decode_seq:
Program received signal SIGSEGV, Segmentation fault.
0x0000555555982013 in cram_decode_seq (fd=0x62d000000400, c=0x616000002a80, s=0x6110000016c0, blk=0x607000000720,
cr=0x618000001080, bfd=0x61a000000c80, cf=1, seq=0x619000003c80 '=' <repeats 76 times>, '\276' <repeats 124 times>...,
qual=0x619000004180 '\276' <repeats 200 times>..., has_MD=0, has_NM=0)
at third_party/htslib/htslib_1_4_1/cram/cram_decode.c:1434
1434 if (ref_pos >= bfd->ref[cr->ref_id].len || !s->ref) {
(gdb) x/i $rip
=> 0x555555982013 <cram_decode_seq+17603>: cmp (%rcx),%eax
(gdb) p/x $rcx
$1 = 0x602d3b919938
(gdb) x/gx &bfd->ref[cr->ref_id].len
0x602d3b919938: 0x0000000000000000
(gdb) p cr->ref_id
$2 = -371422181
(gdb) bt
#0 0x0000555555982013 in cram_decode_seq (fd=0x62d000000400, c=0x616000002a80, s=0x6110000016c0, blk=0x607000000720,
cr=0x618000001080, bfd=0x61a000000c80, cf=1, seq=0x619000003c80 '=' <repeats 76 times>, '\276' <repeats 124 times>...,
qual=0x619000004180 '\276' <repeats 200 times>..., has_MD=0, has_NM=0)
at third_party/htslib/htslib_1_4_1/cram/cram_decode.c:1434
#1 0x0000555555977af6 in cram_decode_slice (fd=0x62d000000400, c=0x616000002a80, s=0x6110000016c0, bfd=0x61a000000c80)
at third_party/htslib/htslib_1_4_1/cram/cram_decode.c:2676
#2 0x000055555599347d in cram_decode_slice_mt (fd=0x62d000000400, c=0x616000002a80, s=0x6110000016c0, bfd=0x61a000000c80)
at third_party/htslib/htslib_1_4_1/cram/cram_decode.c:2786
#3 0x0000555555997b60 in cram_next_slice (fd=0x62d000000400, cp=0x7fffffffd2e0)
at third_party/htslib/htslib_1_4_1/cram/cram_decode.c:3107
#4 0x0000555555993b7f in cram_get_seq (fd=0x62d000000400) at third_party/htslib/htslib_1_4_1/cram/cram_decode.c:3180
#5 0x000055555599830b in cram_get_bam_seq (fd=0x62d000000400, bam=0x7fffffffd700)
at third_party/htslib/htslib_1_4_1/cram/cram_decode.c:3240
#6 0x0000555555861e0f in sam_read1 (fp=0x608000000ba0, h=0x606000001880, b=0x6060000018e0)
at third_party/htslib/htslib_1_4_1/sam.c:1183
#7 0x000055555580941f in view_sam (hfp=0x6060000017c0,
filename=0x6070000003b8 "/usr/local/google/home/kostyak/tmp/sam/poc.cram")
at experimental/users/kostyak/htsfuzz/htsreader.cc:34
#8 0x0000555555808e75 in main (argc=1, argv=0x7fffffffdc48) at experimental/users/kostyak/htsfuzz/htsreader.cc:81
It looks like cr->ref_id is negative and out of the bounds of the array.
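A minimal model of the missing check, added here as an example and not htslib's own code: a constructed reference table (field names `ref`, `len` and `nref` are assumptions based on the trace), an unchecked lookup that mirrors the condition at cram_decode.c:1434, and a hardened form that validates `cr->ref_id` against the table size before it is used as an index.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the table the trace indexes as
 * bfd->ref[cr->ref_id].len. Names are assumptions, not htslib's API. */
typedef struct { int64_t len; } ref_entry_t;
typedef struct { ref_entry_t *ref; int nref; } ref_table_t;

/* Sample table with two references of length 1000 and 500 (constructed). */
static ref_entry_t g_sample_refs[2] = { { 1000 }, { 500 } };
static const ref_table_t g_sample_bfd = { g_sample_refs, 2 };

/* Mirrors the failing check: ref_id indexes the array before it is
 * validated, so a negative or oversized ref_id reads out of bounds.
 * Kept as documentation of the bug; only ever call it with a valid id. */
static int seq_in_ref_unchecked(const ref_table_t *bfd, int ref_id, int64_t ref_pos) {
    return ref_pos < bfd->ref[ref_id].len;
}

/* Hardened form: reject ref_id outside [0, nref) before dereferencing.
 * Returns 1 if ref_pos lies inside the reference, 0 if it runs past it,
 * and -1 if ref_id itself is invalid (a malformed record). */
static int seq_in_ref_checked(const ref_table_t *bfd, int ref_id, int64_t ref_pos) {
    if (ref_id < 0 || ref_id >= bfd->nref)
        return -1;
    if (ref_pos < 0 || ref_pos >= bfd->ref[ref_id].len)
        return 0;
    return 1;
}

int main(void) {
    printf("valid id, in range:  %d\n", seq_in_ref_unchecked(&g_sample_bfd, 1, 499));
    printf("valid id, past end:  %d\n", seq_in_ref_checked(&g_sample_bfd, 1, 500));
    /* The ref_id value printed by gdb in the report above. */
    printf("negative id:         %d\n", seq_in_ref_checked(&g_sample_bfd, -371422181, 0));
    return 0;
}
```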