#936 Null pointer dereference in OpenBabel::OBSmilesParser::ParseSmiles

2.3.x
closed
nobody
None
1
2015-05-25
2014-07-21
No

Hi,

I have been working on a project which included a lot of malformed SMILES being fed to OpenBabel via Python bindings. I have found a case where OpenBabel crashes with a segmentation fault. After playing a bit, I have found the simplest case to break it is something like the following SMILES string:

F13.1

To reproduce the error, do the following:

$ echo 'F13.1' > test.smi
$ babel -i smi test.smi -o mol test.mol
Segmentation fault

In Python:
$ python
Python 3.4.1 (default, May 23 2014, 17:48:28) [GCC] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pybel
>>> pybel.readstring('smi', 'F13.1')
Segmentation fault
$

I have run babel with GDB, here is the backtrace:

1 0x00007fffef348cdb in OpenBabel::OBSmilesParser::ParseSmiles (this=this@entry=0x7fffffff41b0, mol=...) at ../temp/openbabel-2.3.2/src/formats/smilesformat.cpp:431
2 0x00007fffef349427 in OpenBabel::OBSmilesParser::SmiToMol (this=this@entry=0x7fffffff41b0, mol=..., s=...) at ../temp/openbabel-2.3.2/src/formats/smilesformat.cpp:398
3 0x00007fffef349c63 in OpenBabel::SMIBaseFormat::ReadMolecule (this=<optimized out>, pOb=<optimized out>, pConv=0x7fffffffdf60) at ../temp/openbabel-2.3.2/src/formats/smilesformat.cpp:343
4 0x00007ffff77934e2 in OpenBabel::OBMoleculeFormat::ReadChemObjectImpl (pConv=0x7fffffffdf60, pFormat=0x7fffef55fb50 <OpenBabel::theSMIFormat>) at ../temp/openbabel-2.3.2/src/obmolecformat.cpp:105
5 0x00007ffff7738e8c in OpenBabel::OBConversion::Convert (this=this@entry=0x7fffffffdf60) at ../temp/openbabel-2.3.2/src/obconversion.cpp:519
6 0x00007ffff773b33d in OpenBabel::OBConversion::Convert (this=this@entry=0x7fffffffdf60, is=0x7fffffffd3e0, os=os@entry=0x7fffffffcfe0) at ../temp/openbabel-2.3.2/src/obconversion.cpp:450
7 0x00007ffff773d6cf in OpenBabel::OBConversion::FullConvert (this=this@entry=0x7fffffffdf60, FileList=..., OutputFileName=..., OutputFileList=...) at ../temp/openbabel-2.3.2/src/obconversion.cpp:1417
8 0x0000000000402eba in main (argc=7, argv=0x7fffffffe318) at ../temp/openbabel-2.3.2/tools/babel.cpp:347

The following line gives an error:

openbabel-2.3.2/src/formats/smilesformat.cpp:2265
2265 patom->SetSpinMultiplicity(0);

patom is zero, and it is being dereferenced:

(gdb) p patom
$14 = (OpenBabel::OBAtom *) 0x0

I am not acquainted with the internals of OpenBabel, but it seems that the function tries to form a bond between an atom and nothing. I think this is not a major problem and not a vulnerability at all, but this can probably break some projects which depend on OpenBabel - just like mine :)
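A defensive pattern for the situation described in the report, where malformed SMILES reach a native parser through the Python bindings and a crash kills the calling process: run each parse in a child process and classify its exit status. This is an added example, not code from the report or from Open Babel; `parse_isolated`, `classify` and the exit-code convention are assumptions, and it relies on POSIX signal reporting.

```python
import signal
import subprocess
import sys

# Child program (assumed convention): parse one SMILES string taken from argv
# with pybel, the module imported in the report. Exit 0 on success and 2 when
# the parser rejects the input with a Python exception.
PYBEL_CHILD = (
    "import sys, pybel\n"
    "try:\n"
    "    pybel.readstring('smi', sys.argv[1])\n"
    "except Exception:\n"
    "    sys.exit(2)\n"
)


def classify(returncode):
    """Map a child exit status to 'ok', 'rejected', 'crash:<SIG>' or 'error:<n>'."""
    if returncode == 0:
        return "ok"
    if returncode == 2:
        return "rejected"
    if returncode < 0:
        # On POSIX, subprocess reports death by signal N as returncode -N.
        try:
            return "crash:" + signal.Signals(-returncode).name
        except ValueError:
            return "crash:%d" % -returncode
    return "error:%d" % returncode  # e.g. pybel is not installed


def parse_isolated(smiles, child=PYBEL_CHILD, timeout=10):
    """Parse in a throwaway process so a native crash cannot kill the caller."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child, smiles],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify(proc.returncode)


if __name__ == "__main__":
    # 'F13.1' is the input from the report; 'CCO' is a constructed valid sample.
    for smi in ("CCO", "F13.1"):
        print(smi, "->", parse_isolated(smi))
```

A `crash:SIGSEGV` result marks an input worth saving as a regression case, while the parent keeps processing the rest of the batch.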

Discussion

  • Noel O'Boyle - 2015-05-25

    This appears to be fixed in the current development code:
    *** Open Babel Warning in OpenBabel::OBSmilesParser::ParseRingBond
    Number not parsed correctly as a ring bond
    0 molecules converted

     
  • Noel O'Boyle - 2015-05-25
    • status: open --> closed