Merge pull request #8 from molgen/defeat-buffer-overflow

Defeat buffer overflow

main.cpp

@@ -20,6 +20,8 @@
 #include <pthread.h>
 #endif
 
+#define LINEBUFFSIZE 1024
+
 using namespace std;
 
 //global variables
@@ -397,7 +399,8 @@ int check_ifile_format(string &filename, int gz_flag) {
 }
 
 void RunProcess(void) {
-	char _ch[256]; string _str="@HD\tVN:1.0\n";
+	char _ch[LINEBUFFSIZE];
+  string _str="@HD\tVN:1.0\n";
 	if(out_align_file.size()>4){
 	    if(out_align_file.compare(out_align_file.size()-4,4,".sam")==0) param.out_sam=1;
 	    else if (out_align_file.compare(out_align_file.size()-4,4,".bam")==0) param.out_sam=2;
@@ -483,11 +486,19 @@ void RunProcess(void) {
 		}
 
 		if(param.out_sam&&param.sam_header) {
+			int ret_len;
 			for(bit32_t i=0;i<ref.total_num;i++){
-				sprintf(_ch,"@SQ\tSN:%s\tLN:%u\n",ref.title[i<<1].name.c_str(),ref.title[i<<1].size);
+				ret_len=snprintf(_ch,LINEBUFFSIZE,"@SQ\tSN:%s\tLN:%u\n",ref.title[i<<1].name.c_str(),ref.title[i<<1].size);
+				if (ret_len>=LINEBUFFSIZE) {
+					cerr<<"Buffer error, output was truncated (increase LINEBUFFSIZE in main.cpp and recompile)."<<endl;
+				}
 				_str.append(_ch);
 			}
-			sprintf(_ch,"@PG\tID:BSMAP\tVN:%s\tCL:\"%s\"\n",version,command_line.c_str()); _str.append(_ch);
+			ret_len=snprintf(_ch,LINEBUFFSIZE,"@PG\tID:BSMAP\tVN:%s\tCL:\"%s\"\n",version,command_line.c_str());
+			if (ret_len>=LINEBUFFSIZE) {
+				cerr<<"Buffer error, output was truncated (increase LINEBUFFSIZE in main.cpp and recompile)."<<endl;
+			}
+			_str.append(_ch);
 			if(param.stdout) cout<<_str;
 			else if(param.pipe_out) fwrite(_str.c_str(),1,_str.size(),pout);
 			else fout<<_str;
@@ -551,18 +562,26 @@ void RunProcess(void) {
             }
 			else fout.open(out_align_file.c_str());
         }
-                                                		
+
 		if(param.out_sam&&param.sam_header) {
-    		char _ch[1000];
-	    	for(bit32_t i=0;i<ref.total_num;i++) {
-	    	    sprintf(_ch,"@SQ\tSN:%s\tLN:%u\n",ref.title[i<<1].name.c_str(),ref.title[i<<1].size);
-	    	    _str.append(_ch);
-	    	}
-			sprintf(_ch,"@PG\tID:BSMAP\tVN:%s\tCL:\"%s\"\n",version,command_line.c_str()); _str.append(_ch);
-            if(param.stdout) cout<< _str;
-            else if(param.pipe_out) fwrite(_str.c_str(),1,_str.size(),pout);
+			char _ch[LINEBUFFSIZE];
+			int ret_len;
+			for(bit32_t i=0;i<ref.total_num;i++) {
+				ret_len=snprintf(_ch,LINEBUFFSIZE,"@SQ\tSN:%s\tLN:%u\n",ref.title[i<<1].name.c_str(),ref.title[i<<1].size);
+				if (ret_len>=LINEBUFFSIZE) {
+					cerr<<"Buffer error, output was truncated (increase LINEBUFFSIZE in main.cpp and recompile)."<<endl;
+				}
+				_str.append(_ch);
+			}
+			ret_len=snprintf(_ch,LINEBUFFSIZE,"@PG\tID:BSMAP\tVN:%s\tCL:\"%s\"\n",version,command_line.c_str());
+			if (ret_len>=LINEBUFFSIZE) {
+				cerr<<"Buffer error, output was truncated (increase LINEBUFFSIZE in main.cpp and recompile)."<<endl;
+			}
+			_str.append(_ch);
+			if(param.stdout) cout<< _str;
+			else if(param.pipe_out) fwrite(_str.c_str(),1,_str.size(),pout);
 			else fout<<_str;
-	    }
+		}
 		n_aligned=0;
 		info(1);
 		Do_SingleAlign();