Protect against mapped CRAM records at POS 0.

We check pos >= ref_len, but didn't check for pos 0 (aka -1 in BAM). Credit to OSS-Fuzz Fixes oss-fuzz 70917
samtools · Aug 8, 2024 · 2202fee · 2202fee
1 parent f1a7ec9
commit 2202fee
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/cram/cram_encode.c b/cram/cram_encode.c
@@ -3441,6 +3441,11 @@ static int process_one_read(cram_fd *fd, cram_container *c,
         int64_t apos = cr->apos-1, spos = 0;
         int64_t MD_last = apos; // last position of edit in MD tag
 
+        if (apos < 0) {
+            hts_log_error("Mapped read with position <= 0 is disallowed");
+            return -1;
+        }
+
         cr->cigar       = s->ncigar;
         cr->ncigar      = bam_cigar_len(b);
         while (cr->cigar + cr->ncigar >= s->cigar_alloc) {