icebert / pblat

parallelized blat with multi-threads support
http://icebert.github.io/pblat/

AddressSanitizer: heap-buffer-overflow (Out-of-Bound Write) at lib/fa.c:483 #5

Open hongxuchen opened 5 years ago

hongxuchen commented 5 years ago

When pblat is compiled with AddressSanitizer, it reports an out-of-bounds write (heap-buffer-overflow) error at lib/fa.c:483.

./pblat -threads=1 ./pblat-report/01.fa pblat-report/astral-scopdom-seqres-all-test.fa /tmp/pblat-c.psl
=================================================================
==29050==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f44b1e8e800 at pc 0x0000005e1b69 bp 0x7ffcfec890f0 sp 0x7ffcfec890e8
WRITE of size 1 at 0x7f44b1e8e800 thread T0
    #0 0x5e1b68 in faMixedSpeedReadNext /home/exp/work/pblat/lib/fa.c:483:39
    #1 0x5e3ac7 in faReadAllMixableInLf /home/exp/work/pblat/lib/fa.c:583:18
    #2 0x5e3890 in faReadAllSeqMixable /home/exp/work/pblat/lib/fa.c:606:26
    #3 0x5e3890 in faReadAllMixed /home/exp/work/pblat/lib/fa.c:650
    #4 0x555406 in gfClientSeqList /home/exp/work/pblat/jkOwnLib/gfClientLib.c:194:14
    #5 0x5123bf in blat /home/exp/work/pblat/blatSrc/blat.c:711:17
    #6 0x51405b in main /home/exp/work/pblat/blatSrc/blat.c:947:5
    #7 0x7f44b0e50b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #8 0x41d9d9 in _start (/home/exp/work/pblat-asan/pblat+0x41d9d9)

0x7f44b1e8e800 is located 0 bytes to the right of 131072-byte region [0x7f44b1e6e800,0x7f44b1e8e800)
allocated by thread T0 here:
    #0 0x4d3030 in malloc (/home/exp/work/pblat-asan/pblat+0x4d3030)
    #1 0x607987 in needHugeMem /home/exp/work/pblat/lib/memalloc.c:136:11
    #2 0x5e3ac7 in faReadAllMixableInLf /home/exp/work/pblat/lib/fa.c:583:18
    #3 0x5e3890 in faReadAllSeqMixable /home/exp/work/pblat/lib/fa.c:606:26
    #4 0x5e3890 in faReadAllMixed /home/exp/work/pblat/lib/fa.c:650
    #5 0x555406 in gfClientSeqList /home/exp/work/pblat/jkOwnLib/gfClientLib.c:194:14
    #6 0x5123bf in blat /home/exp/work/pblat/blatSrc/blat.c:711:17
    #7 0x51405b in main /home/exp/work/pblat/blatSrc/blat.c:947:5
    #8 0x7f44b0e50b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/exp/work/pblat/lib/fa.c:483:39 in faMixedSpeedReadNext
Shadow bytes around the buggy address:
  0x0fe9163c9cb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9163c9cc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9163c9cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9163c9ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe9163c9cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe9163c9d00:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe9163c9d10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe9163c9d20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe9163c9d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe9163c9d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe9163c9d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==29050==ABORTING

Since this specifies only one thread, it may also affect the original blat; however, I'm not able to compile that, so I only report it here. Please see the attached files for details.

pblat-report.zip
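To make the diagnostic above concrete, here is an added illustration of the bug class it describes (a fixed-capacity heap buffer filled from a FASTA record with no capacity check) next to two hardened forms. This is example code written for this page, not pblat's lib/fa.c or blat's code; the function names, the 16-byte stand-in for the 131072-byte region, and the sample record are all assumptions.

```c
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>

/* Constructed sample input: one FASTA record whose 20-base sequence is
 * split across two lines. Assumed for the example, not from the report. */
static const char SAMPLE_FASTA[] =
    ">seq1 constructed example\n"
    "ACGTACGTAC\n"
    "GTACGTACGT\n";

/* Shape of the bug ASan flags above: sequence bytes are copied into a
 * buffer of fixed capacity with no check on the running index. When the
 * record is longer than the buffer, the store at buf[cap] lands "0 bytes to
 * the right" of the allocation, which is exactly the wording in the
 * sanitizer output. Kept for contrast; only call it with input known to fit. */
size_t fa_read_seq_unchecked(const char *fasta, char *buf)
{
    const char *p = fasta;
    size_t n = 0;
    if (*p == '>')                          /* skip the header line */
        while (*p && *p++ != '\n') ;
    for (; *p && *p != '>'; p++)
        if (!isspace((unsigned char)*p))
            buf[n++] = *p;                  /* no bound on n */
    buf[n] = '\0';                          /* also unchecked */
    return n;
}

/* Hardened form 1: the caller passes the capacity, the copy stops before
 * the buffer is full, and the function reports how many bytes the record
 * really needs so the caller can retry with a larger buffer.
 * Returns 0 on success, -1 if the record did not fit (buf stays
 * NUL-terminated either way). */
int fa_read_seq_checked(const char *fasta, char *buf, size_t cap,
                        size_t *needed)
{
    const char *p = fasta;
    size_t n = 0, total = 0;
    if (cap == 0) return -1;
    if (*p == '>')
        while (*p && *p++ != '\n') ;
    for (; *p && *p != '>'; p++) {
        if (isspace((unsigned char)*p)) continue;
        if (n + 1 < cap)                    /* leave room for the terminator */
            buf[n++] = *p;
        total++;                            /* keep counting past the limit */
    }
    buf[n] = '\0';
    if (needed) *needed = total;
    return total + 1 <= cap ? 0 : -1;
}

/* Hardened form 2: grow the buffer before each write that would not fit,
 * so the record's length never has to be guessed up front. Caller frees. */
char *fa_read_seq_dyn(const char *fasta, size_t *len)
{
    size_t cap = 8, n = 0;
    char *buf = malloc(cap);
    const char *p = fasta;
    if (!buf) return NULL;
    if (*p == '>')
        while (*p && *p++ != '\n') ;
    for (; *p && *p != '>'; p++) {
        if (isspace((unsigned char)*p)) continue;
        if (n + 1 >= cap) {                 /* grow before the write, not after */
            char *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); return NULL; }
            buf = nb;
            cap *= 2;
        }
        buf[n++] = *p;
    }
    buf[n] = '\0';
    if (len) *len = n;
    return buf;
}

int main(void)
{
    char small[16];                         /* deliberately too small */
    size_t need = 0, len = 0;
    int rc = fa_read_seq_checked(SAMPLE_FASTA, small, sizeof small, &need);
    printf("checked: rc=%d needed=%zu kept=\"%s\"\n", rc, need, small);
    char *dyn = fa_read_seq_dyn(SAMPLE_FASTA, &len);
    printf("dyn: len=%zu seq=%s\n", len, dyn ? dyn : "(alloc failed)");
    free(dyn);
    return 0;
}
```

Compiled with `-fsanitize=address`, the unchecked reader reproduces the same "heap-buffer-overflow ... 0 bytes to the right of N-byte region" report as soon as a record exceeds the buffer; the checked and growing variants return the record length instead, which is the property a fix to the reader should preserve.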

icebert commented 5 years ago

I just updated pblat based on the latest blat v36x2; you can try compiling with the latest code.

hongxuchen commented 5 years ago

It seems that the issue still exists. I attached a valgrind report for the regularly compiled pblat, which can be reproduced by running valgrind ./pblat -threads=1 ./pblat-report/01.fa ./pblat-report/astral-scopdom-seqres-all-test.fa /tmp/pblat-c.psl.

pblat_valgrind.txt