Skip to content

Added extra overrun detection in BYTE_ARRAY_LEN decoder. #1981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
daviesrob merged 1 commit into from
Jan 19, 2026
Merged

Added extra overrun detection in BYTE_ARRAY_LEN decoder. #1981

daviesrob merged 1 commit into from
Jan 19, 2026

Conversation

@jkbonfield
Copy link
Contributor

@jkbonfield jkbonfield commented Jan 12, 2026

Although the input specifies the maximum size of 'out' in *out_side (which is subsequently replaced by the actual size), this wasn't checked for when calling byte_array_len.len_codec->decode to fetch the length field.

The obvious fix did trigger other problems however. We've been routinely calling this with incorrect parameters when decoding aux tags. Eg XA:i encoded as XAs (short) would specify out_size of 1, as we're attempting to decode a single item. This is the standard way all of our decoders work - indicating the number of things to decode rather than their byte lengths. However by definition this is a "byte array" so we need to compensate for that before calling the decode function. It wasn't required before (as we didn't check).

@jkbonfield
Added extra overrun detection in BYTE_ARRAY_LEN decoder.
01cd003 
Although the input specifies the maximum size of 'out' in *out_side
(which is subsequently replaced by the actual size), this wasn't
checked for when calling byte_array_len.len_codec->decode to fetch the
length field.

The obvious fix did trigger other problems however.  We've been
routinely calling this with incorrect parameters when decoding aux
tags.  Eg XA:i encoded as XAs (short) would specify out_size of 1, as
we're attempting to decode a single item.  This is the standard way
all of our decoders work - indicating the number of things to decode
rather than their byte lengths.  However by definition this is a "byte
array" so we need to compensate for that before calling the decode
function.  It wasn't required before (as we didn't check).
@daviesrob daviesrob self-assigned this Jan 15, 2026
@daviesrob
Copy link
Member

daviesrob commented Jan 19, 2026

It looks like there's an implicit assumption here that B-type aux tags are stored in external blocks. I don't think that has to be the case as BYTE_ARRAY_LEN could, in theory, use HUFFMAN as its value codec. In practice our HUFFMAN decoder does not support output to byte arrays, so the assumption is true but there could be valid files that we cannot read. As this problem goes beyond the issue being addressed by this PR I'll raise it separately.

@daviesrob daviesrob merged commit 01cd003 into samtools:develop Jan 19, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@daviesrob daviesrob

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jkbonfield @daviesrob