CVE-2019-10269: Buffer overflow while storing .alt file using bwa mem by zachbthomas · Pull Request #232 · lh3/bwa
BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
When using bwa mem and an .alt file containing a line greater than 1024 bytes in length, a buffer overflow results from storing .alt file contents into a 1024 byte static buffer. The fgetc() function is used in a loop to read an .alt file byte-by-byte. Each byte is manually stored in the static buffer until a line termination character is read. Exceeding the 1024 byte line size limit will overflow the buffer. This buffer overflow can be exploited to potentially gain arbitrary code execution on the system running bwa.
The proposed commits obtain the size of the .alt file and dynamically allocate adequate memory to store the entire file. The fseeko() and ftello() functions are used to determine the size of the .alt file. The calloc() function is used to dynamically allocate and initialize memory equal to the size of the file. Because enough memory is allocated to store the entire .alt file, the buffer overflow is mitigated in the commit code.
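The size-the-buffer-to-the-file pattern the proposed commits describe, as an added example that is not code from bwa or from this pull request: the file length is taken with fseeko()/ftello(), the buffer is calloc()'d to that length plus a terminating NUL, and the content is read in one call, so a sequence name longer than the old 1024-byte line buffer can no longer write past any allocation. The SAM-style .alt lines and the 1500-byte name are constructed input; `OLD_LINE_BUF` and the function names are assumptions of this example.

```c
#define _XOPEN_SOURCE 700   /* fseeko/ftello/mkstemp in strict modes */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define OLD_LINE_BUF 1024   /* fixed stack buffer size the advisory describes */

/* Size the buffer to the file with fseeko()/ftello(), calloc() it (+1 for a
   terminating NUL) and read it in one call: no line length can overflow it. */
static char *load_whole_file(FILE *fp)
{
    if (fseeko(fp, 0, SEEK_END) != 0) return NULL;
    off_t len = ftello(fp);
    if (len < 0 || fseeko(fp, 0, SEEK_SET) != 0) return NULL;
    char *buf = calloc((size_t)len + 1, 1);
    if (buf && fread(buf, 1, (size_t)len, fp) != (size_t)len) { free(buf); buf = NULL; }
    return buf;                                 /* caller frees */
}

/* Length of the longest '\n'-terminated line in a NUL-terminated buffer. */
static size_t longest_line(const char *buf)
{
    size_t best = 0, cur = 0;
    for (; *buf; buf++) {
        if (*buf != '\n') { cur++; continue; }
        if (cur > best) best = cur;
        cur = 0;
    }
    return cur > best ? cur : best;
}

/* Constructed .alt input: one short SAM-style line, then one whose sequence
   name alone is 1500 bytes. Returns the longest line length (bytes before
   the newline) after loading the file safely, or -1 on error. */
static long longest_alt_line(void)
{
    char path[] = "/tmp/alt_exampleXXXXXX";     /* unlinked as soon as opened */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    FILE *fp = fdopen(fd, "w+");
    if (!fp) { close(fd); return -1; }
    fputs("chr1_alt\t0\tchr1\t1\t0\t100M\t*\t0\t0\t*\t*\n", fp);
    for (int i = 0; i < 1500; i++) fputc('A', fp);
    fputs("\t0\tchr1\t1\t0\t100M\t*\t0\t0\t*\t*\n", fp);
    char *buf = load_whole_file(fp);            /* seeks back to the start itself */
    long result = buf ? (long)longest_line(buf) : -1;
    free(buf); fclose(fp);
    return result;
}
```

The second constructed line is 1526 bytes long, so a fixed 1024-byte stack buffer filled byte-by-byte would have been overrun by it, while the file-sized allocation holds it with room to spare.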