Buffer Overflow in get_reference_pdb() Caused by Insufficient Buffer Size #11

@TakumiOtagaki

Summary

When running rnaview -p --pdb 1kpd.pdb, I encountered a crash (Trace/BPT trap) due to a buffer overflow in get_reference_pdb().


Steps to Reproduce

  1. Set RNAVIEW environment variable to a path that, together with "BASEPARS/ref.pdb", exceeds 80 characters (for example, if RNAVIEW points to a deep directory path of length > 60).
  2. Run:
$ rnaview -p --pdb 1kpd.pdb
  3. The program fails with a message like:
Processing a single file ...

PDB data file name: /Users/ootagakitakumi/myapp/0304test/PseudoknotVisualizer/test/1KPD.pdb_new

########################################################RNA/DNA chain_ID:  A  from residue    1 to   32

The backbone torsion angles are in /Users/ootagakitakumi/myapp/0304test/PseudoknotVisualizer/test/1KPD.pdb_new_torsion.out

Trace/BPT trap: 5

Root Cause

In src/fpair_sub.c, function get_reference_pdb(), there is a buffer declared as:

char **sAtomName, spdb[80];

This buffer holds the concatenation of the RNAVIEW path plus additional strings (like "/BASEPARS/ref.pdb"). If the combined length exceeds 80 characters, it causes a buffer overflow. On macOS or other systems with buffer checks, this triggers a runtime crash (Trace/BPT trap).

Suggested Fix

Increasing the buffer size resolves the crash. For example, changing line 46 in src/fpair_sub.c to:

char **sAtomName, spdb[200];

allowed the program to run correctly when RNAVIEW is set to a longer path.

After modifying and saving the file, recompile with:

cd RNAView
make clean
rm bin/rnaview
make

The program then works without triggering the overflow.

Additional Information

  • Environment: (macOS Sequoia, M2 chip, RNAVIEW commit 6349bbd).
  • C Compiler: (clang 16.0.0).
  • Possible Improvement: Switching from sprintf to snprintf, or using a dynamically allocated buffer, could further safeguard against similar issues.

Thank you for providing this excellent tool! I hope this report helps prevent buffer overflows for others who might install RNAVIEW in a directory with a long path.
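The two mitigations the report mentions, a bounded write that detects truncation and a heap buffer sized from the actual input, as an added example that is not RNAView's code. It assumes get_reference_pdb() builds the path as "<RNAVIEW>/BASEPARS/ref.pdb"; the helper names are made up for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The reported pattern is, in effect:
 *     char spdb[80]; sprintf(spdb, "%s/BASEPARS/ref.pdb", getenv("RNAVIEW"));
 * which writes past spdb whenever the RNAVIEW path is long. The helpers below
 * never write beyond the buffer they are given. */

#define REF_PDB_SUFFIX "/BASEPARS/ref.pdb"   /* assumed suffix, see lead-in */

/* Bounded version: returns 0 on success, -1 if the result would not fit.
 * On -1 the contents of `out` are truncated, not overflowed; do not use them. */
int build_ref_pdb_path(const char *rnaview_dir, char *out, size_t outsz)
{
    if (rnaview_dir == NULL || out == NULL || outsz == 0)
        return -1;
    int n = snprintf(out, outsz, "%s" REF_PDB_SUFFIX, rnaview_dir);
    /* snprintf returns the length the full string would have had; a value
     * >= outsz means the output was cut short, which the caller must treat
     * as an error rather than silently using a wrong path. */
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

/* Dynamic version: allocate exactly what is needed; the caller frees. */
char *build_ref_pdb_path_alloc(const char *rnaview_dir)
{
    if (rnaview_dir == NULL)
        return NULL;
    size_t len = strlen(rnaview_dir) + strlen(REF_PDB_SUFFIX) + 1; /* +1 for NUL */
    char *p = malloc(len);
    if (p == NULL)
        return NULL;
    snprintf(p, len, "%s" REF_PDB_SUFFIX, rnaview_dir);
    return p;
}

int main(void)
{
    /* Constructed sample: 67 characters, so the full path (84) exceeds 80. */
    const char *long_dir = "/Users/someone/myapp/0304test/PseudoknotVisualizer/RNAView/checkout";
    char spdb[80];
    if (build_ref_pdb_path(long_dir, spdb, sizeof spdb) != 0)
        printf("RNAVIEW path too long for a %zu-byte buffer; refusing to continue\n", sizeof spdb);
    char *dyn = build_ref_pdb_path_alloc(long_dir);
    printf("%s\n", dyn);
    free(dyn);
    return 0;
}
```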
