Closed OctavioGalland closed 7 months ago
It appeared to be fixed by my fix for #1698. That wasn't actually a use-after-free bug, but a read-buffer read overflow caused by an unmapped "alignment" starting a long way beyond the end of the specified reference. It happened to land within a block which had previously been freed.
Summary

Heap-buffer overflow in hts_md5_update during parsing of a crafted SAM/FASTA file pair.

Environment

Built using LLVM 14 with ASAN on Ubuntu 22.04
How to reproduce
Build with ASAN on latest commit like so:
Within the samtools folder, get poc file and reproduce with:
Which on my setup outputs:
Maybe it's related to https://github.com/samtools/htslib/issues/1692 ? The backtrace looks a bit different though (6th function is cram_close instead of cram_flush).
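The closing comment attributes the crash to an alignment whose position lies far beyond the end of the declared reference, so the reference slice handed to the MD5 update reads past the buffer. The following is an added illustration, not htslib code and not the #1698 fix: it shows an overflow-safe bounds check placed in front of a digest update, using a constructed reference string and a toy FNV-1a hash as a stand-in for MD5. The function and variable names are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for a reference sequence; not htslib data. */
static const char REF[] = "ACGTACGTACGTACGTACGTACGTACGTACGT";

/* Overflow-safe check that [pos, pos + len) lies within a buffer of ref_len bytes.
 * Written as two subtractions so that pos + len can never wrap around. */
static int slice_in_bounds(size_t ref_len, size_t pos, size_t len) {
    if (pos > ref_len) return 0;
    if (len > ref_len - pos) return 0;
    return 1;
}

/* Toy 64-bit FNV-1a update, standing in for an MD5 update purely to show
 * where the check belongs relative to the read of the reference bytes. */
static uint64_t fnv1a_update(uint64_t h, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Digest the reference bytes covered by an alignment at pos of length len.
 * Returns 0 and sets *out on success, -1 if the alignment lies outside the
 * reference (the case the issue describes), without touching memory. */
int digest_ref_slice(const char *ref, size_t ref_len, size_t pos, size_t len, uint64_t *out) {
    if (!slice_in_bounds(ref_len, pos, len)) return -1;
    *out = fnv1a_update(14695981039346656037ULL, (const unsigned char *)ref + pos, len);
    return 0;
}

/* Accessors so the constructed reference can be exercised from outside. */
size_t example_ref_len(void) { return sizeof(REF) - 1; }
const char *example_ref(void) { return REF; }
```

The point of the two-subtraction form in slice_in_bounds is that a check written as `pos + len <= ref_len` silently passes for a hostile pos or len large enough to wrap size_t; a reference position far beyond the sequence end, as in the crafted input here, is exactly the kind of value that should be rejected before any bytes are read.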