From c11caffbd765d798e383fe558675771a2e2edc0d Mon Sep 17 00:00:00 2001 From: James Thompson Date: Tue, 17 Dec 2024 15:26:41 +0000 Subject: [PATCH] Vulnerability fixes --- Code/GraphMol/FileParsers/MolSGroupParsing.cpp | 10 ++++++++++ Code/GraphMol/SmilesParse/CXSmilesOps.cpp | 3 ++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/Code/GraphMol/FileParsers/MolSGroupParsing.cpp b/Code/GraphMol/FileParsers/MolSGroupParsing.cpp index f02366f22..330387b45 100644 --- a/Code/GraphMol/FileParsers/MolSGroupParsing.cpp +++ b/Code/GraphMol/FileParsers/MolSGroupParsing.cpp @@ -1132,7 +1132,17 @@ void ParseV3000ParseLabel(const std::string &label, } else if (label == "PARENT") { // Store relationship until all SGroups have been read unsigned int parentIdx; + if (lineStream.eof()) { + std::ostringstream errout; + errout << "PARENT label not found on line " << line; + throw FileParseException(errout.str()); + } lineStream >> parentIdx; + if (lineStream.fail()) { + std::ostringstream errout; + errout << "Invalid PARENT label found on line " << line; + throw FileParseException(errout.str()); + } sgroup.setProp("PARENT", parentIdx); } else if (label == "COMPNO") { unsigned int compno; diff --git a/Code/GraphMol/SmilesParse/CXSmilesOps.cpp b/Code/GraphMol/SmilesParse/CXSmilesOps.cpp index ee58181a9..4525f67f0 100644 --- a/Code/GraphMol/SmilesParse/CXSmilesOps.cpp +++ b/Code/GraphMol/SmilesParse/CXSmilesOps.cpp @@ -692,6 +692,7 @@ template void parse_data_sgroup_attr(Iterator &first, Iterator last, SubstanceGroup &sgroup, bool keepSGroup, std::string fieldName, bool fieldIsArray = false) { + PRECONDITION(first < last); if (first != last && *first != '|') { std::string data = read_text_to(first, last, ":"); ++first; @@ -744,7 +745,7 @@ bool parse_data_sgroup(Iterator &first, Iterator last, RDKit::RWMol &mol, } parse_data_sgroup_attr(first, last, sgroup, keepSGroup, "DATAFIELDS", true); - + parse_data_sgroup_attr(first, last, sgroup, keepSGroup, "QUERYOP"); parse_data_sgroup_attr(first, last, sgroup, keepSGroup, "FIELDINFO");