
Fix regidx out-of-bounds array access and double free #2533

Open

sirus20x6 wants to merge 1 commit into samtools:develop from sirus20x6:fix/regidx-oob

Conversation

@sirus20x6 (Contributor)

Summary

  • Cap iend to list->nidx - 1 instead of list->nidx in regidx_overlap — the loop for (i=ibeg; i<=iend; i++) could read list->idx[nidx], one past the allocated array
  • Set str.s = NULL after free(str.s) in regidx_init — prevents double free if hts_close() fails and the error path frees str.s again

Test plan

  • Existing test suite passes (1920/1920)
  • Verify region overlap queries at chromosome boundaries

1. regidx_overlap: cap iend to nidx-1 instead of nidx, preventing
   an out-of-bounds read of list->idx[nidx] in the i<=iend loop.

2. regidx_init: set str.s = NULL after freeing it so the error
   path does not double-free when hts_close() fails.
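A simplified model of the off-by-one behind the first fix, added here as an illustration and not htslib's own code: the region list, the two search helpers and `cap_iend` are hypothetical reconstructions, and the list is assumed sorted by start and non-overlapping so that both binary searches are valid.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct { uint32_t beg, end; } reg_t;            /* closed interval [beg,end] */
typedef struct { reg_t *idx; size_t nidx; } reglist_t;  /* assumed sorted, non-overlapping */

/* Constructed sample: three regions, the last one ending at 600. */
static reg_t sample_regs[] = { {100, 200}, {300, 400}, {500, 600} };
static const reglist_t sample = { sample_regs, 3 };

/* First index whose region starts after qend; may equal nidx. */
static size_t first_beg_after(const reglist_t *l, uint32_t qend) {
    size_t lo = 0, hi = l->nidx;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (l->idx[mid].beg <= qend) lo = mid + 1; else hi = mid;
    }
    return lo;
}

/* First index whose region ends at or after qbeg; may equal nidx. */
static size_t first_end_from(const reglist_t *l, uint32_t qbeg) {
    size_t lo = 0, hi = l->nidx;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (l->idx[mid].end < qbeg) lo = mid + 1; else hi = mid;
    }
    return lo;
}

/* The cap the PR changes (nidx must be > 0). Pre-fix the cap is nidx, so
 * iend can stay equal to nidx and a loop written as i <= iend indexes
 * idx[nidx], one past the array; post-fix the cap is nidx - 1. */
static size_t cap_iend(size_t iend, size_t nidx, int fixed) {
    if (fixed) return iend >= nidx ? nidx - 1 : iend;
    return iend > nidx ? nidx : iend;
}

/* Count regions overlapping [qbeg,qend], using the fixed cap. */
static size_t overlap_count(const reglist_t *l, uint32_t qbeg, uint32_t qend) {
    if (l->nidx == 0) return 0;
    size_t ibeg = first_end_from(l, qbeg);
    size_t iend = cap_iend(first_beg_after(l, qend), l->nidx, 1);
    size_t n = 0;
    for (size_t i = ibeg; i <= iend; i++)               /* same loop shape as in the PR */
        if (l->idx[i].beg <= qend && l->idx[i].end >= qbeg) n++;
    return n;
}
```

A query that extends past the last region (the chromosome-end case in the test plan) is exactly where the search returns `nidx` and the pre-fix cap leaves it there.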