ID h59
TITLE seq descriptions containing '%' cause segfault
AFFECTS 3.0b2
FIXED_IN 3.0b3
STATUS CLOSED
XREF J5/75
REPORTED_BY Michael Remmert remmert@genzentrum.lmu.de 11 Aug 2009
OPENED_DATE SRE, Fri Sep 11 10:38:37 2009
CLOSED_DATE SRE, Fri Sep 11 13:54:24 2009
DESCRIPTION
Original email report shows a jackhmmer segfault that appeared
fairly obscure -- only with certain queries, only in jackhmmer.
Traced to a segfault when using esl_msa_SetSeqDescription()
to copy a seq description to a new MSA. This reveals a general
flaw in the entire {msa,seq}_Set* functions -- they can't be used
to copy a string that might contain a naked '%', from user
input outside program's control.
Requires changing the {msa,sq} API: _Set functions changed to
_Format; new _Set* functions take a const string, not a
printf()-style format string and varargs.
ID h59 TITLE seq descriptions containing '%' cause segfault AFFECTS 3.0b2 FIXED_IN 3.0b3 STATUS CLOSED XREF J5/75 REPORTED_BY Michael Remmert remmert@genzentrum.lmu.de 11 Aug 2009 OPENED_DATE SRE, Fri Sep 11 10:38:37 2009 CLOSED_DATE SRE, Fri Sep 11 13:54:24 2009 DESCRIPTION
Original email report shows a jackhmmer segfault that appeared fairly obscure -- only with certain queries, only in jackhmmer. Traced to a segfault when using esl_msa_SetSeqDescription() to copy a seq description to a new MSA. This reveals a general flaw in the entire {msa,seq}_Set* functions -- they can't be used to copy a string that might contain a naked '%', from user input outside program's control.
Requires changing the {msa,sq} API: _Set functions changed to _Format; new _Set* functions take a const string, not a printf()-style format string and varargs.