__fortify_fail+0x37 error: *** buffer overflow detected ***

[Thomas Skelly]

Running 'make STARlong' version of STAR_2.3.1z, I get the following error:

 *** buffer overflow detected ***: /is2/projects/pacbio/static/software/packages/STAR_2.3.1z/STAR terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffff6cd0f47]
/lib/x86_64-linux-gnu/libc.so.6(+0x109e40)[0x7ffff6ccfe40]
/is2/projects/pacbio/static/software/packages/STAR_2.3.1z/STAR[0x413aa7]
/is2/projects/pacbio/static/software/packages/STAR_2.3.1z/STAR[0x405086]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7ffff6be776d]
/is2/projects/pacbio/static/software/packages/STAR_2.3.1z/STAR[0x406e81]

<snip>

The offending code is, in Parameters.h:

        char genomeNumToNT[5];

and in Parameters.cpp:

    strcpy(genomeNumToNT,"ACGTN");

Remember the "ACGTN" string includes a null terminator, so it is actually 6 bytes long.

The fix is to change [5] to [6]. You owe me a beer.

I'm wondering whether this is an installation-dependent failure. It's clearly a bug, but it would probably slip through if Fortify had not caught it. I'm running Ubuntu 12.04, where it appears that Fortify is enabled by default. (Googling does not absolutely confirm this...) In another environment, without Fortify, it might go unnoticed.

--TS

[Alexander Dobin]

Hi Thomas,

thanks again - I guess I owe you two beers :)

Will add this fix in the new patch.

Cheers

Alex

[Mohamed Adil]

Hi,

I came across a similar problem with a code. Can you explain how did you back trace the problem to the file in which the problem was? 

Thanks

Adil 

[Alexander Dobin]

Hi Adil,

this is a very old bug and was fixed ~5 years ago, hopefully. :)

Can you try one of the latest STAR releases (2.6.1d or 2.7.1a) and send me the error message and the Log.out file.

Cheers

Alex