The parser code for the charge layer doesn't check the input repeat count, so this
writes a lot of "-1"s to the heap, almost certainly causing a segmentation fault, or corrupting data.
Also, the underlying code uses atoi to parse the string so I can give it a negative number. I can't overflow the data structure in the other direction but I can use it to jump backwards.
For a neat example, this one backs up and replaces already assigned charges.
when passed to the InChI code produces
The code should verify that the repeat counts are > 0 and never exceed the number of components.
Log in to post a comment.