Replace assert() with proper error handling for user-triggerable conditions

assert() is compiled out in release builds (NDEBUG), causing silent
undefined behavior or buffer overflows when triggered by malformed input.

- consensus.c: Replace asserts on variant overlap trimming, unreachable
  overlap case, and fasta buffer bounds with error() calls
- convert.c: Replace GT type asserts with warning+skip; add allele index
  bounds checks in process_tgt and process_iupac_gt
- vcfconcat.c: Replace bgzf block size assert with error() call
- filter.c: Add NULL check for getenv("HOME") and getenv("HOMEDRIVE")/
  getenv("HOMEPATH") in expand_path()

Author: sirus20x6

consensus.c

@@ -815,7 +815,9 @@ static void apply_variant(args_t *args, bcf1_t *rec)
         // forward
         int ntrim = args->fa_frz_pos - rec->pos + 1;
         int nref  = strlen(rec->d.allele[0]);
-        assert( ntrim < nref );
+        if ( ntrim >= nref )
+            error("Error: failed to trim overlapping variant at %s:%"PRId64", ntrim=%d >= nref=%d. Is the VCF normalized?\n",
+                bcf_seqname(args->hdr,rec),(int64_t)rec->pos+1,ntrim,nref);
         rec->pos  += ntrim;
         rec->rlen -= ntrim;
         memmove(rec->d.allele[0],rec->d.allele[0]+ntrim,nref-ntrim);
@@ -853,7 +855,6 @@ static void apply_variant(args_t *args, bcf1_t *rec)
         }
         else if ( strlen(ref_allele) < -idx )   // the ref allele is shorter but overlaps the fa sequence? This should never happen
         {
-            assert(0);
             fprintf(stderr,"Warning: ignoring overlapping variant starting at %s:%"PRId64"\n", bcf_seqname(args->hdr,rec),(int64_t) rec->pos+1);
             return;
         }
@@ -1002,7 +1003,9 @@ static void apply_variant(args_t *args, bcf1_t *rec)
     if ( len_diff <= 0 )
     {
         // deletion or same size event
-        assert( args->fa_buf.l >= idx+rec->rlen );
+        if ( args->fa_buf.l < idx+rec->rlen )
+            error("Error: fasta buffer too short at %s:%"PRId64" (buf length %zu, need %"PRId64"). Is the reference fasta correct?\n",
+                bcf_seqname(args->hdr,rec),(int64_t)rec->pos+1,(size_t)args->fa_buf.l,(int64_t)(idx+rec->rlen));
         args->prev_base = args->fa_buf.s[idx+rec->rlen-1];
         args->prev_base_pos = rec->pos + rec->rlen - 1;
         args->prev_is_insert = 0;

convert.c

@@ -446,7 +446,12 @@ static void process_tgt(convert_t *convert, bcf1_t *line, fmt_t *fmt, int isampl
         return;
     }
 
-    assert( fmt->fmt->type==BCF_BT_INT8 );
+    if ( fmt->fmt->type!=BCF_BT_INT8 )
+    {
+        fprintf(stderr,"Warning: skipping GT field with unexpected type %d at %s:%"PRId64"\n", fmt->fmt->type,bcf_seqname(convert->header,line),(int64_t)line->pos+1);
+        kputc('.', str);
+        return;
+    }
 
     int l;
     int8_t *x = (int8_t*)(fmt->fmt->p + isample*fmt->fmt->size); // FIXME: does not work with n_alt >= 64
@@ -456,6 +461,12 @@ static void process_tgt(convert_t *convert, bcf1_t *line, fmt_t *fmt, int isampl
         if (x[l]>>1)
         {
             int ial = (x[l]>>1) - 1;
+            if ( ial >= line->n_allele )
+            {
+                fprintf(stderr,"Warning: allele index %d >= n_allele %d at %s:%"PRId64"\n", ial,line->n_allele,bcf_seqname(convert->header,line),(int64_t)line->pos+1);
+                kputc('.', str);
+                continue;
+            }
             kputs(line->d.allele[ial], str);
         }
         else
@@ -608,7 +619,12 @@ static void process_iupac_gt(convert_t *convert, bcf1_t *line, fmt_t *fmt, int i
         return;
     }
 
-    assert( fmt->fmt->type==BCF_BT_INT8 );
+    if ( fmt->fmt->type!=BCF_BT_INT8 )
+    {
+        fprintf(stderr,"Warning: skipping GT field with unexpected type %d at %s:%"PRId64"\n", fmt->fmt->type,bcf_seqname(convert->header,line),(int64_t)line->pos+1);
+        kputc('.', str);
+        return;
+    }
 
     static const char iupac[4][4] = { {'A','M','R','W'},{'M','C','S','Y'},{'R','S','G','K'},{'W','Y','K','T'} };
     int8_t *dat = (int8_t*)convert->dat;
@@ -633,6 +649,12 @@ static void process_iupac_gt(convert_t *convert, bcf1_t *line, fmt_t *fmt, int i
         if (x[l]>>1)
         {
             int ial = (x[l]>>1) - 1;
+            if ( ial >= line->n_allele )
+            {
+                fprintf(stderr,"Warning: allele index %d >= n_allele %d at %s:%"PRId64"\n", ial,line->n_allele,bcf_seqname(convert->header,line),(int64_t)line->pos+1);
+                kputc('.', str);
+                continue;
+            }
             kputs(line->d.allele[ial], str);
         }
         else

filter.c

@@ -389,11 +389,14 @@ char *expand_path(char *path)
         if ( !path[1] || path[1] == '/' )
         {
 #ifdef _WIN32
-            kputs(getenv("HOMEDRIVE"), &str);
-            kputs(getenv("HOMEPATH"), &str);
+            char *homedrive = getenv("HOMEDRIVE");
+            char *homepath = getenv("HOMEPATH");
+            if (homedrive) kputs(homedrive, &str);
+            if (homepath) kputs(homepath, &str);
 #else
             // ~ or ~/path
-            kputs(getenv("HOME"), &str);
+            char *home = getenv("HOME");
+            if (home) kputs(home, &str); else kputc('.', &str);
             if ( path[1] ) kputs(path+1, &str);
 #endif
         }

vcfconcat.c

@@ -939,7 +939,9 @@ static void naive_concat(args_t *args)
             if ( !nread ) break;
             if ( nread != nheader || check_header(buf)!=0 ) error("\nCould not parse the header of a bgzf block: %s\n",args->fnames[i]);
             nblock = unpackInt16(buf+16) + 1;
-            assert( nblock <= page_size && nblock >= nheader );
+            if ( nblock > page_size || nblock < nheader )
+                error("\nError: malformed bgzf block in %s: block size %"PRId64" out of valid range [%d,%d]\n",
+                    args->fnames[i],(int64_t)nblock,nheader,(int)page_size);
             nread += bgzf_raw_read(fp, buf+nheader, nblock - nheader);
             if ( nread!=nblock ) error("\nCould not read %"PRId64" bytes: %s\n",(uint64_t)nblock,args->fnames[i]);
             if ( nread==neof && !memcmp(buf,eof,neof) ) continue;