author: Egbert Eich <eich@suse.com> 2022-11-11 05:24:56 (GMT)
committer: GitHub <noreply@github.com> 2022-11-11 05:24:56 (GMT)
commit: 1750b4b0af5158009aa2f861c65fb4bf8fc364de (patch)
tree: 9a9c42da178803b882a03a6602efd9c48a112c23 /.clang-format
parent: 659bc99fd139e16fdf47b31b635f158b72e3f5a4 (diff)
Validate location (offset) of the accumulated metadata when comparing (#2231)

Initially, the accumulated metadata location is initialized to HADDR_UNDEF - the highest available address. Bogus input files may provide a location or size matching this value. Comparing this address against such bogus values may provide false positives. This makes sure the value has been initialized, or fails the comparison early and lets other parts of the code deal with the bogus address/size.

Note: To avoid unnecessary checks, we have assumed that if the 'dirty' member in the same structure is true the location is valid.

This fixes CVE-2018-13867 / Bug #2230.

Signed-off-by: Egbert Eich <eich@suse.com>
Diffstat (limited to '.clang-format')
0 files changed, 0 insertions, 0 deletions
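The comparison problem described in the commit message, as an added example that is not code from the HDF5 commit: a simplified C model in which a never-filled accumulator still holds the sentinel and a file-supplied address range appears to adjoin it. The `accum_t` layout, the 64-bit `haddr_t`, and the `hits_accum_*` helpers are assumptions; only `HADDR_UNDEF` and the `dirty` member are named on the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model for illustration; types and helper names are assumptions,
 * not HDF5's definitions. Only HADDR_UNDEF and 'dirty' come from the commit text. */
typedef uint64_t haddr_t;
#define HADDR_UNDEF ((haddr_t)UINT64_MAX) /* sentinel: highest available address */

typedef struct {
    haddr_t  loc;   /* file offset of the accumulated metadata */
    uint64_t size;  /* bytes currently accumulated */
    bool     dirty; /* true only once data has been stored at loc */
} accum_t;

/* Before: does [addr, addr+size) overlap or adjoin the accumulator?
 * The sentinel in loc is compared like any real offset. */
static bool hits_accum_unchecked(const accum_t *a, haddr_t addr, uint64_t size)
{
    haddr_t req_end = addr + size;      /* both values come from the input file */
    haddr_t acc_end = a->loc + a->size;
    bool overlap = addr < acc_end && a->loc < req_end;
    return overlap || req_end == a->loc || acc_end == addr;
}

/* After: fail the comparison early while loc is still the sentinel.
 * As in the commit message, dirty == true is taken to imply a valid loc. */
static bool hits_accum_checked(const accum_t *a, haddr_t addr, uint64_t size)
{
    if (!a->dirty && a->loc == HADDR_UNDEF)
        return false;
    return hits_accum_unchecked(a, addr, size);
}

int main(void)
{
    accum_t fresh = { HADDR_UNDEF, 0, false }; /* never filled */
    accum_t live  = { 4096, 512, true };       /* constructed sample state */
    haddr_t bogus = HADDR_UNDEF - 16;          /* constructed: range ends at the sentinel */

    printf("fresh, unchecked: %d\n", hits_accum_unchecked(&fresh, bogus, 16));
    printf("fresh, checked:   %d\n", hits_accum_checked(&fresh, bogus, 16));
    printf("live,  checked:   %d\n", hits_accum_checked(&live, 4064, 32));
    return 0;
}
```

The unchecked form reports a hit on an accumulator that holds no data, which is the false positive the commit message refers to; the checked form rejects it and leaves the bogus address for later validation.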