Hi guys, I ran across a bug in Parsers/Algorithm2XML/Mascot2XML/MascotConverter.cxx while trying to work out why Mascot2XML was segfaulting on a particular Mascot dat file.
On line 316 the 'nextpeptide' variable is defined to hold peptide sequences extracted from the dat file. It has a length of 128. *316: *char nextpeptide[128]; Then, on line 440, a value is assigned to nextpeptide, among other things, by sscanf (5th item, %s): *440: *int result = sscanf(nextline, "%d %lf %lf %d %s %d %s %lf %s %d %d;%c", *441: *&first, &mass, &massdiff, &nextionmatch, nextpeptide, &first, nextmods, &nextionscore, discard, &first, &first, &nextc); However, sscanf isn't overflow safe, so if the peptide is more than 128 residues (unlikely, yes, but not impossible, and it only needs one...) the remaining characters will overflow nextpeptide and overwrite whatever's next - on my build, this meant it overwrote the variable holding the MIME delimiter used to parse the dat file, which led to a later segfault as the spectra_ array wasn't populated. Incidentally, compiling with debug flags using 'make debug' seemed to solve the error, or at least prevent the segfault - not quite sure why this was (maybe it overflowed into something less critical), but it certainly made tracking down the issue a bit harder. The fix I applied was to increase the nextpeptide length and overflow-proof the sscanf with respect to this variable (although if you have a 1000 residue there's probably something else gone wrong!) with a length limit on that %s. *316:** *char nextpeptide[*1000*]; ... *440: *int result = sscanf(nextline, "%d %lf %lf %d %*1000*s %d %s %lf %s %d %d;%c", *441: *&first, &mass, &massdiff, &nextionmatch, nextpeptide, &first, nextmods, &nextionscore, discard, &first, &first, &nextc); Cheers, Phil -- You received this message because you are subscribed to the Google Groups "spctools-discuss" group. To view this discussion on the web visit https://groups.google.com/d/msg/spctools-discuss/-/9LUaN1h-4mAJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/spctools-discuss?hl=en.
