diff options
| author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2018-05-12 17:42:19 (GMT) |
|---|---|---|
| committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2018-05-12 17:42:19 (GMT) |
| commit | 36e81d134a6e8018c7bfb649ff7a1e039f254409 (patch) | |
| tree | fb56972e23e992753674b7789dae836230c060a9 | |
| parent | 572bc474a61b39063add8118eb5d3c6f2cdb6f93 (diff) | |
| parent | 9b953884c57d89557df93af3e0145365acb5ea89 (diff) | |
| download | hdf5-36e81d134a6e8018c7bfb649ff7a1e039f254409.zip hdf5-36e81d134a6e8018c7bfb649ff7a1e039f254409.tar.gz hdf5-36e81d134a6e8018c7bfb649ff7a1e039f254409.tar.bz2 | |
Merge branch 'hdf5_1_8' of https://bitbucket.hdfgroup.org/scm/~bmribler/hdf5_1_8_bmr into hdf5_1_8
39 files changed, 256 insertions, 142 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index eb9f0d9..ad06d40 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -155,6 +155,77 @@ Bug Fixes since HDF5-1.8.20 (DER - 2018/02/06, HDFFV-10354) + - If an HDF5 file contains a filter pipeline message which contains + a 'number of filters' field that exceeds the actual number of + filters in the message, the HDF5 C library will read off the end of + the read buffer. + + This issue was reported to The HDF Group as issue #CVE-2017-17506. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + The problem was fixed by passing the buffer size with the buffer + and ensuring that the pointer cannot be incremented off the end + of the buffer. A mismatch between the number of filters declared + and the actual number of filters will now invoke normal HDF5 + error handling. + + (DER - 2018/02/26, HDFFV-10355) + + - If an HDF5 file contains a malformed compound datatype with a + suitably large offset, the type conversion code can run off + the end of the type conversion buffer, causing a segmentation + fault. + + This issue was reported to The HDF Group as issue #CVE-2017-17507. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME + + Fixing this problem would involve updating the publicly visible + H5T_conv_t function pointer typedef and versioning the API calls + which use it. We normally only modify the public API during + major releases, so this bug will not be fixed at this time. + + (DER - 2018/02/26, HDFFV-10356) + + - If an HDF5 file contains a malformed compound type which contains + a member of size zero, a division by zero error will occur while + processing the type. + + This issue was reported to The HDF Group as issue #CVE-2017-17508. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + Checking for zero before dividing fixes the problem. Instead of the + division by zero, the normal HDF5 error handling is invoked. + + (DER - 2018/02/26, HDFFV-10357) + + - If an HDF5 file contains a malformed symbol table node that declares + it contains more symbols than it actually contains, the library + can run off the end of the metadata cache buffer while processing + the symbol table node. + + This issue was reported to The HDF Group as issue #CVE-2017-17509. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + Performing bounds checks on the buffer while processing fixes the + problem. Instead of the segmentation fault, the normal HDF5 error + handling is invoked. + + (DER - 2018/03/12, HDFFV-10358) + Configuration ------------- - CMake diff --git a/src/H5Abtree2.c b/src/H5Abtree2.c index 33a031e..318c60d 100644 --- a/src/H5Abtree2.c +++ b/src/H5Abtree2.c @@ -162,7 +162,7 @@ const H5B2_class_t H5A_BT2_CORDER[1]={{ /* B-tree class information */ *------------------------------------------------------------------------- */ static herr_t -H5A_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) +H5A_dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) { H5A_fh_ud_cmp_t *udata = (H5A_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */ H5A_t *attr = NULL; /* Pointer to attribute created from heap object */ @@ -172,7 +172,7 @@ H5A_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda FUNC_ENTER_NOAPI_NOINIT /* Decode attribute information */ - if(NULL == (attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, (const unsigned char *)obj))) + if(NULL == (attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, obj_len, (const unsigned char *)obj))) HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, FAIL, "can't decode attribute") /* Compare the string values */ diff --git a/src/H5Adense.c b/src/H5Adense.c index 291f422..ab159ff 100644 --- a/src/H5Adense.c +++ b/src/H5Adense.c @@ -843,7 +843,7 @@ done: *------------------------------------------------------------------------- */ static herr_t -H5A__dense_copy_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) +H5A__dense_copy_fh_cb(const void *obj, size_t obj_len, void *_udata) { H5A_fh_ud_cp_t *udata = (H5A_fh_ud_cp_t *)_udata; /* User data for fractal heap 'op' callback */ herr_t ret_value = SUCCEED; /* Return value */ @@ -857,7 +857,7 @@ H5A__dense_copy_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda * HDF5 routine, it could attempt to re-protect that direct block for the * heap, causing the HDF5 routine called to fail) */ - if(NULL == (udata->attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, (const unsigned char *)obj))) + if(NULL == (udata->attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, obj_len, (const unsigned char *)obj))) HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, FAIL, "can't decode attribute") /* Set the creation order index for the attribute */ diff --git a/src/H5Gbtree2.c b/src/H5Gbtree2.c index 888c611..d520484 100644 --- a/src/H5Gbtree2.c +++ b/src/H5Gbtree2.c @@ -159,7 +159,7 @@ const H5B2_class_t H5G_BT2_CORDER[1]={{ /* B-tree class information */ *------------------------------------------------------------------------- */ static herr_t -H5G_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) +H5G_dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) { H5G_fh_ud_cmp_t *udata = (H5G_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */ H5O_link_t *lnk; /* Pointer to link created from heap object */ @@ -168,7 +168,7 @@ H5G_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda FUNC_ENTER_NOAPI_NOINIT /* Decode link information */ - if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) + if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") /* Compare the string values */ diff --git a/src/H5Gcache.c b/src/H5Gcache.c index 1ca80df..994c5bf 100644 --- a/src/H5Gcache.c +++ b/src/H5Gcache.c @@ -103,49 +103,43 @@ H5FL_SEQ_EXTERN(H5G_entry_t); /*------------------------------------------------------------------------- - * Function: H5G_node_load + * Function: H5G_node_load * - * Purpose: Loads a symbol table node from the file. + * Purpose: Loads a symbol table node from the file. * - * Return: Success: Ptr to the new table. + * Return: Success: Ptr to the new table. + * Failure: NULL * - * Failure: NULL - * - * Programmer: Robb Matzke - * matzke@llnl.gov - * Jun 23 1997 + * Programmer: Robb Matzke + * matzke@llnl.gov + * Jun 23 1997 * *------------------------------------------------------------------------- */ static H5G_node_t * H5G_node_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *udata) { - H5G_node_t *sym = NULL; - H5WB_t *wb = NULL; /* Wrapped buffer for node data */ - uint8_t node_buf[H5G_NODE_BUF_SIZE]; /* Buffer for node */ - uint8_t *node; /* Pointer to node buffer */ + H5G_node_t *sym = NULL; + H5WB_t *wb = NULL; /* Wrapped buffer for node data */ + uint8_t node_buf[H5G_NODE_BUF_SIZE]; /* Buffer for node */ + uint8_t *node; /* Pointer to node buffer */ const uint8_t *p; - H5G_node_t *ret_value; /*for error handling */ + const uint8_t *p_end; + H5G_node_t *ret_value; /* Return value */ FUNC_ENTER_NOAPI_NOINIT - /* - * Check arguments. - */ + /* Sanity checks */ HDassert(f); HDassert(H5F_addr_defined(addr)); HDassert(udata); - /* - * Initialize variables. - */ - /* Allocate symbol table data structures */ if(NULL == (sym = H5FL_CALLOC(H5G_node_t))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") sym->node_size = H5G_NODE_SIZE(f); if(NULL == (sym->entry = H5FL_SEQ_CALLOC(H5G_entry_t, (size_t)(2 * H5F_SYM_LEAF_K(f))))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") /* Wrap the local buffer for serialized node info */ if(NULL == (wb = H5WB_wrap(node_buf, sizeof(node_buf)))) @@ -157,19 +151,24 @@ H5G_node_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *udata) /* Read the serialized symbol table node. */ if(H5F_block_read(f, H5FD_MEM_BTREE, addr, sym->node_size, dxpl_id, node) < 0) - HGOTO_ERROR(H5E_SYM, H5E_READERROR, NULL, "unable to read symbol table node") + HGOTO_ERROR(H5E_SYM, H5E_READERROR, NULL, "unable to read symbol table node") /* Get temporary pointer to serialized node */ p = node; + /* Get a pointer to the end of the node. This ensures we don't run off + * the end of the buffer if the file is corrupt. + */ + p_end = p + sym->node_size - 1; + /* magic */ if(HDmemcmp(p, H5G_NODE_MAGIC, (size_t)H5_SIZEOF_MAGIC)) - HGOTO_ERROR(H5E_SYM, H5E_CANTLOAD, NULL, "bad symbol table node signature") + HGOTO_ERROR(H5E_SYM, H5E_CANTLOAD, NULL, "bad symbol table node signature") p += 4; /* version */ if(H5G_NODE_VERS != *p++) - HGOTO_ERROR(H5E_SYM, H5E_CANTLOAD, NULL, "bad symbol table node version") + HGOTO_ERROR(H5E_SYM, H5E_CANTLOAD, NULL, "bad symbol table node version") /* reserved */ p++; @@ -178,8 +177,8 @@ H5G_node_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *udata) UINT16DECODE(p, sym->nsyms); /* entries */ - if(H5G__ent_decode_vec(f, &p, sym->entry, sym->nsyms) < 0) - HGOTO_ERROR(H5E_SYM, H5E_CANTLOAD, NULL, "unable to decode symbol table entries") + if(H5G__ent_decode_vec(f, &p, p_end, sym->entry, sym->nsyms) < 0) + HGOTO_ERROR(H5E_SYM, H5E_CANTLOAD, NULL, "unable to decode symbol table entries") /* Set return value */ ret_value = sym; diff --git a/src/H5Gdense.c b/src/H5Gdense.c index 9ec8951..a43939e 100644 --- a/src/H5Gdense.c +++ b/src/H5Gdense.c @@ -597,7 +597,7 @@ done: *------------------------------------------------------------------------- */ static herr_t -H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) +H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) { H5G_fh_ud_lbi_t *udata = (H5G_fh_ud_lbi_t *)_udata; /* User data for fractal heap 'op' callback */ H5O_link_t *tmp_lnk = NULL; /* Temporary pointer to link */ @@ -606,7 +606,7 @@ H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, vo FUNC_ENTER_NOAPI_NOINIT /* Decode link information & keep a copy */ - if(NULL == (tmp_lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) + if(NULL == (tmp_lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") /* Copy link information */ @@ -887,7 +887,7 @@ done: *------------------------------------------------------------------------- */ static herr_t -H5G_dense_iterate_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) +H5G_dense_iterate_fh_cb(const void *obj, size_t obj_len, void *_udata) { H5G_fh_ud_it_t *udata = (H5G_fh_ud_it_t *)_udata; /* User data for fractal heap 'op' callback */ herr_t ret_value = SUCCEED; /* Return value */ @@ -901,7 +901,7 @@ H5G_dense_iterate_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_u * HDF5 routine, it could attempt to re-protect that direct block for the * heap, causing the HDF5 routine called to fail - QAK) */ - if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) + if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") done: @@ -1099,7 +1099,7 @@ done: *------------------------------------------------------------------------- */ static herr_t -H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) +H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) { H5G_fh_ud_gnbi_t *udata = (H5G_fh_ud_gnbi_t *)_udata; /* User data for fractal heap 'op' callback */ H5O_link_t *lnk; /* Pointer to link created from heap object */ @@ -1108,7 +1108,7 @@ H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, FUNC_ENTER_NOAPI_NOINIT /* Decode link information */ - if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) + if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") /* Get the length of the name */ @@ -1306,7 +1306,7 @@ done: *------------------------------------------------------------------------- */ static herr_t -H5G_dense_remove_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) +H5G_dense_remove_fh_cb(const void *obj, size_t obj_len, void *_udata) { H5G_fh_ud_rm_t *udata = (H5G_fh_ud_rm_t *)_udata; /* User data for fractal heap 'op' callback */ H5O_link_t *lnk = NULL; /* Pointer to link created from heap object */ @@ -1316,7 +1316,7 @@ H5G_dense_remove_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_ud FUNC_ENTER_NOAPI_NOINIT /* Decode link information */ - if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) + if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") /* Check for removing the link from the creation order index */ @@ -1483,7 +1483,7 @@ done: *------------------------------------------------------------------------- */ static herr_t -H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) +H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) { H5G_fh_ud_rmbi_t *udata = (H5G_fh_ud_rmbi_t *)_udata; /* User data for fractal heap 'op' callback */ herr_t ret_value = SUCCEED; /* Return value */ @@ -1491,7 +1491,7 @@ H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, vo FUNC_ENTER_NOAPI_NOINIT /* Decode link information */ - if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) + if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, H5_ITER_ERROR, "can't decode link") /* Can't operate on link here because the fractal heap block is locked */ diff --git a/src/H5Gent.c b/src/H5Gent.c index bb6aa38..1bd8e63 100644 --- a/src/H5Gent.c +++ b/src/H5Gent.c @@ -91,7 +91,8 @@ H5FL_BLK_EXTERN(str_buf); *------------------------------------------------------------------------- */ herr_t -H5G__ent_decode_vec(const H5F_t *f, const uint8_t **pp, H5G_entry_t *ent, unsigned n) +H5G__ent_decode_vec(const H5F_t *f, const uint8_t **pp, const uint8_t *p_end, + H5G_entry_t *ent, unsigned n) { unsigned u; /* Local index variable */ herr_t ret_value = SUCCEED; /* Return value */ @@ -104,9 +105,12 @@ H5G__ent_decode_vec(const H5F_t *f, const uint8_t **pp, H5G_entry_t *ent, unsign HDassert(ent); /* decode entries */ - for(u = 0; u < n; u++) + for(u = 0; u < n; u++) { + if(*pp > p_end) + HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "ran off the end of the buffer") if(H5G_ent_decode(f, pp, ent + u) < 0) HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode") + } done: FUNC_LEAVE_NOAPI(ret_value) diff --git a/src/H5Gpkg.h b/src/H5Gpkg.h index 07aff02..f49ef26 100644 --- a/src/H5Gpkg.h +++ b/src/H5Gpkg.h @@ -1,4 +1,4 @@ -/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * +/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Copyright by The HDF Group. * * Copyright by the Board of Trustees of the University of Illinois. * * All rights reserved. * @@ -400,9 +400,9 @@ H5_DLL void H5G__ent_copy(H5G_entry_t *dst, const H5G_entry_t *src, H5_copy_depth_t depth); H5_DLL void H5G__ent_reset(H5G_entry_t *ent); H5_DLL herr_t H5G__ent_decode_vec(const H5F_t *f, const uint8_t **pp, - H5G_entry_t *ent, unsigned n); + const uint8_t *p_end, H5G_entry_t *ent, unsigned n); H5_DLL herr_t H5G__ent_encode_vec(const H5F_t *f, uint8_t **pp, - const H5G_entry_t *ent, unsigned n); + const H5G_entry_t *ent, unsigned n); H5_DLL herr_t H5G__ent_convert(H5F_t *f, hid_t dxpl_id, H5HL_t *heap, const char *name, const H5O_link_t *lnk, H5O_type_t obj_type, const void *crt_info, H5G_entry_t *ent); diff --git a/src/H5HFcache.c b/src/H5HFcache.c index f0d251c..0d25dbf 100644 --- a/src/H5HFcache.c +++ b/src/H5HFcache.c @@ -384,7 +384,7 @@ H5HF_cache_hdr_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *_udata) UINT32DECODE(p, hdr->pline_root_direct_filter_mask); /* Decode I/O filter information */ - if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, p))) + if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, hdr->filter_len, p))) HGOTO_ERROR(H5E_HEAP, H5E_CANTDECODE, NULL, "can't decode I/O pipeline filters") p += hdr->filter_len; diff --git a/src/H5Oainfo.c b/src/H5Oainfo.c index e85df44..5aab4c6 100644 --- a/src/H5Oainfo.c +++ b/src/H5Oainfo.c @@ -34,7 +34,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_ainfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_ainfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_ainfo_copy(const void *_mesg, void *_dest); static size_t H5O_ainfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -104,7 +104,8 @@ H5FL_DEFINE_STATIC(H5O_ainfo_t); */ static void * H5O_ainfo_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_ainfo_t *ainfo = NULL; /* Attribute info */ unsigned char flags; /* Flags for encoding attribute info */ diff --git a/src/H5Oattr.c b/src/H5Oattr.c index 149f04a..c2c0fe3 100644 --- a/src/H5Oattr.c +++ b/src/H5Oattr.c @@ -26,7 +26,7 @@ /* PRIVATE PROTOTYPES */ static herr_t H5O_attr_encode(H5F_t *f, uint8_t *p, const void *mesg); static void *H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static void *H5O_attr_copy(const void *_mesg, void *_dest); static size_t H5O_attr_size(const H5F_t *f, const void *_mesg); static herr_t H5O_attr_free(void *mesg); @@ -121,7 +121,7 @@ H5FL_EXTERN(H5S_extent_t); --------------------------------------------------------------------------*/ static void * H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, - unsigned *ioflags, const uint8_t *p) + unsigned *ioflags, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5A_t *attr = NULL; H5S_extent_t *extent; /*extent dimensionality information */ @@ -182,7 +182,7 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED /* Decode the attribute's datatype */ if(NULL == (attr->shared->dt = (H5T_t *)(H5O_MSG_DTYPE->decode)(f, dxpl_id, open_oh, - ((flags & H5O_ATTR_FLAG_TYPE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, p))) + ((flags & H5O_ATTR_FLAG_TYPE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, attr->shared->dt_size, p))) HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "can't decode attribute datatype") if(attr->shared->version < H5O_ATTR_VERSION_2) p += H5O_ALIGN_OLD(attr->shared->dt_size); @@ -197,7 +197,7 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED /* Decode attribute's dataspace extent */ if((extent = (H5S_extent_t *)(H5O_MSG_SDSPACE->decode)(f, dxpl_id, open_oh, - ((flags & H5O_ATTR_FLAG_SPACE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, p)) == NULL) + ((flags & H5O_ATTR_FLAG_SPACE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, attr->shared->ds_size, p)) == NULL) HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "can't decode attribute dataspace") /* Copy the extent information to the dataspace */ diff --git a/src/H5Obogus.c b/src/H5Obogus.c index 7a058b2..ba9a8ad 100644 --- a/src/H5Obogus.c +++ b/src/H5Obogus.c @@ -37,7 +37,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_bogus_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_bogus_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static size_t H5O_bogus_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); static herr_t H5O_bogus_debug(H5F_t *f, hid_t dxpl_id, const void *_mesg, FILE * stream, @@ -110,7 +110,8 @@ const H5O_msg_class_t H5O_MSG_BOGUS_INVALID[1] = {{ */ static void * H5O_bogus_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_bogus_t *mesg = NULL; void *ret_value; /* Return value */ diff --git a/src/H5Obtreek.c b/src/H5Obtreek.c index 70aacc7..6bcdcc3 100644 --- a/src/H5Obtreek.c +++ b/src/H5Obtreek.c @@ -27,7 +27,7 @@ #include "H5MMprivate.h" /* Memory management */ static void *H5O_btreek_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_btreek_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_btreek_copy(const void *_mesg, void *_dest); static size_t H5O_btreek_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -78,7 +78,8 @@ const H5O_msg_class_t H5O_MSG_BTREEK[1] = {{ */ static void * H5O_btreek_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_btreek_t *mesg; /* Native message */ void *ret_value; /* Return value */ diff --git a/src/H5Ocache.c b/src/H5Ocache.c index ebae3f5..39f3ca3 100644 --- a/src/H5Ocache.c +++ b/src/H5Ocache.c @@ -1288,7 +1288,7 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image, unsigned ioflags = 0; /* Flags for decode routine */ /* Decode continuation message */ - cont = (H5O_cont_t *)(H5O_MSG_CONT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw); + cont = (H5O_cont_t *)(H5O_MSG_CONT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw_size, oh->mesg[curmesg].raw); cont->chunkno = udata->cont_msg_info->nmsgs + 1; /*the next continuation message/chunk */ /* Save 'native' form of continuation message */ @@ -1312,7 +1312,7 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image, /* Decode ref. count message */ HDassert(oh->version > H5O_VERSION_1); - refcount = (H5O_refcount_t *)(H5O_MSG_REFCOUNT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw); + refcount = (H5O_refcount_t *)(H5O_MSG_REFCOUNT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw_size, oh->mesg[curmesg].raw); /* Save 'native' form of ref. count message */ oh->mesg[curmesg].native = refcount; diff --git a/src/H5Ocont.c b/src/H5Ocont.c index 681f54a..b91b181 100644 --- a/src/H5Ocont.c +++ b/src/H5Ocont.c @@ -36,7 +36,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_cont_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_cont_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static size_t H5O_cont_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); static herr_t H5O_cont_free(void *mesg); @@ -89,7 +89,8 @@ H5FL_DEFINE(H5O_cont_t); */ static void * H5O_cont_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_cont_t *cont = NULL; void *ret_value; diff --git a/src/H5Odrvinfo.c b/src/H5Odrvinfo.c index 6f715f8..fd8ad6b 100644 --- a/src/H5Odrvinfo.c +++ b/src/H5Odrvinfo.c @@ -27,7 +27,7 @@ #include "H5MMprivate.h" /* Memory management */ static void *H5O_drvinfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_drvinfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_drvinfo_copy(const void *_mesg, void *_dest); static size_t H5O_drvinfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -79,7 +79,8 @@ const H5O_msg_class_t H5O_MSG_DRVINFO[1] = {{ */ static void * H5O_drvinfo_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_drvinfo_t *mesg; /* Native message */ void *ret_value; /* Return value */ diff --git a/src/H5Odtype.c b/src/H5Odtype.c index 774b071..85fbef4 100644 --- a/src/H5Odtype.c +++ b/src/H5Odtype.c @@ -29,7 +29,7 @@ /* PRIVATE PROTOTYPES */ static herr_t H5O_dtype_encode(H5F_t *f, uint8_t *p, const void *mesg); static void *H5O_dtype_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static void *H5O_dtype_copy(const void *_mesg, void *_dest); static size_t H5O_dtype_size(const H5F_t *f, const void *_mesg); static herr_t H5O_dtype_reset(void *_mesg); @@ -1093,7 +1093,7 @@ done: --------------------------------------------------------------------------*/ static void * H5O_dtype_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, - unsigned *ioflags/*in,out*/, const uint8_t *p) + unsigned *ioflags/*in,out*/, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5T_t *dt = NULL; void *ret_value; /* Return value */ diff --git a/src/H5Oefl.c b/src/H5Oefl.c index 218d250..546eb4f 100644 --- a/src/H5Oefl.c +++ b/src/H5Oefl.c @@ -28,7 +28,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_efl_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_efl_copy(const void *_mesg, void *_dest); static size_t H5O_efl_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -88,7 +88,8 @@ const H5O_msg_class_t H5O_MSG_EFL[1] = {{ */ static void * H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_efl_t *mesg = NULL; int version; diff --git a/src/H5Ofill.c b/src/H5Ofill.c index 721c648..70704c5 100644 --- a/src/H5Ofill.c +++ b/src/H5Ofill.c @@ -32,11 +32,11 @@ static void *H5O_fill_old_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_fill_old_encode(H5F_t *f, uint8_t *p, const void *_mesg); static size_t H5O_fill_old_size(const H5F_t *f, const void *_mesg); static void *H5O_fill_new_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_fill_new_encode(H5F_t *f, uint8_t *p, const void *_mesg); static size_t H5O_fill_new_size(const H5F_t *f, const void *_mesg); static void *H5O_fill_copy(const void *_mesg, void *_dest); @@ -183,7 +183,8 @@ H5FL_BLK_EXTERN(type_conv); */ static void * H5O_fill_new_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_fill_t *fill = NULL; void *ret_value; @@ -297,7 +298,8 @@ done: */ static void * H5O_fill_old_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_fill_t *fill = NULL; /* Decoded fill value message */ void *ret_value; /* Return value */ diff --git a/src/H5Oginfo.c b/src/H5Oginfo.c index d8be51f..8ba1f71 100644 --- a/src/H5Oginfo.c +++ b/src/H5Oginfo.c @@ -32,7 +32,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_ginfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_ginfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_ginfo_copy(const void *_mesg, void *_dest); static size_t H5O_ginfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -94,7 +94,8 @@ H5FL_DEFINE_STATIC(H5O_ginfo_t); */ static void * H5O_ginfo_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_ginfo_t *ginfo = NULL; /* Pointer to group information message */ unsigned char flags; /* Flags for encoding group info */ diff --git a/src/H5Olayout.c b/src/H5Olayout.c index 17385c2..3f5076c 100644 --- a/src/H5Olayout.c +++ b/src/H5Olayout.c @@ -35,7 +35,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_layout_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_layout_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_layout_copy(const void *_mesg, void *_dest); static size_t H5O_layout_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -95,7 +95,8 @@ H5FL_DEFINE(H5O_layout_t); */ static void * H5O_layout_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_layout_t *mesg = NULL; unsigned u; diff --git a/src/H5Olinfo.c b/src/H5Olinfo.c index 03e545f..a612ae5 100644 --- a/src/H5Olinfo.c +++ b/src/H5Olinfo.c @@ -36,7 +36,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_linfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_linfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_linfo_copy(const void *_mesg, void *_dest); static size_t H5O_linfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -113,7 +113,8 @@ H5FL_DEFINE_STATIC(H5O_linfo_t); */ static void * H5O_linfo_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_linfo_t *linfo = NULL; /* Link info */ unsigned char index_flags; /* Flags for encoding link index info */ diff --git a/src/H5Olink.c b/src/H5Olink.c index 1b57f22..c0dd1d8 100644 --- a/src/H5Olink.c +++ b/src/H5Olink.c @@ -38,7 +38,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_link_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_link_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_link_copy(const void *_mesg, void *_dest); static size_t H5O_link_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -117,7 +117,8 @@ H5FL_DEFINE_STATIC(H5O_link_t); */ static void * H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_link_t *lnk = NULL; /* Pointer to link message */ size_t len = 0; /* Length of a string in the message */ diff --git a/src/H5Omessage.c b/src/H5Omessage.c index b6d2876..a2e4e88 100644 --- a/src/H5Omessage.c +++ b/src/H5Omessage.c @@ -1821,7 +1821,7 @@ done: */ void * H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned type_id, - const unsigned char *buf) + size_t buf_size, const unsigned char *buf) { const H5O_msg_class_t *type; /* Actual H5O class type for the ID */ void *ret_value; /* Return value */ @@ -1836,7 +1836,7 @@ H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned type_id, HDassert(type); /* decode */ - if((ret_value = (type->decode)(f, dxpl_id, open_oh, 0, &ioflags, buf)) == NULL) + if((ret_value = (type->decode)(f, dxpl_id, open_oh, 0, &ioflags, buf_size, buf)) == NULL) HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode message") done: diff --git a/src/H5Omtime.c b/src/H5Omtime.c index 46dd499..e4db09b 100644 --- a/src/H5Omtime.c +++ b/src/H5Omtime.c @@ -27,12 +27,12 @@ static void *H5O_mtime_new_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_mtime_new_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static size_t H5O_mtime_new_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); static void *H5O_mtime_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_mtime_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_mtime_copy(const void *_mesg, void *_dest); static size_t H5O_mtime_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -118,7 +118,8 @@ H5FL_DEFINE(time_t); */ static void * H5O_mtime_new_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { time_t *mesg; uint32_t tmp_time; /* Temporary copy of the time */ @@ -171,7 +172,8 @@ done: */ static void * H5O_mtime_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { time_t *mesg, the_time; int i; diff --git a/src/H5Oname.c b/src/H5Oname.c index 007e20f..5248168 100644 --- a/src/H5Oname.c +++ b/src/H5Oname.c @@ -32,7 +32,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_name_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_name_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_name_copy(const void *_mesg, void *_dest); static size_t H5O_name_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -83,7 +83,8 @@ const H5O_msg_class_t H5O_MSG_NAME[1] = {{ */ static void * H5O_name_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_name_t *mesg; void *ret_value; /* Return value */ diff --git a/src/H5Opkg.h b/src/H5Opkg.h index cd585be..f4b8014 100644 --- a/src/H5Opkg.h +++ b/src/H5Opkg.h @@ -186,7 +186,7 @@ \ /* Decode the message */ \ HDassert(msg_type->decode); \ - if(NULL == ((MSG)->native = (msg_type->decode)((F), (DXPL), (OH), (MSG)->flags, &ioflags, (MSG)->raw))) \ + if(NULL == ((MSG)->native = (msg_type->decode)((F), (DXPL), (OH), (MSG)->flags, &ioflags, (MSG)->raw_size, (MSG)->raw))) \ HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, ERR, "unable to decode message") \ \ /* Mark the message dirty if it was changed by decoding */ \ @@ -222,7 +222,7 @@ struct H5O_msg_class_t { const char *name; /*for debugging */ size_t native_size; /*size of native message */ unsigned share_flags; /* Message sharing settings */ - void *(*decode)(H5F_t *, hid_t, H5O_t *, unsigned, unsigned *, const uint8_t *); + void *(*decode)(H5F_t *, hid_t, H5O_t *, unsigned, unsigned *, size_t, const uint8_t *); herr_t (*encode)(H5F_t *, hbool_t, uint8_t *, const void *); void *(*copy)(const void *, void *); /*copy native value */ size_t (*raw_size)(const H5F_t *, hbool_t, const void *);/*sizeof encoded message */ diff --git a/src/H5Opline.c b/src/H5Opline.c index fb08431..adaee33 100644 --- a/src/H5Opline.c +++ b/src/H5Opline.c @@ -33,7 +33,7 @@ /* PRIVATE PROTOTYPES */ static herr_t H5O_pline_encode(H5F_t *f, uint8_t *p, const void *mesg); static void *H5O_pline_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static void *H5O_pline_copy(const void *_mesg, void *_dest); static size_t H5O_pline_size(const H5F_t *f, const void *_mesg); static herr_t H5O_pline_reset(void *_mesg); @@ -108,13 +108,15 @@ H5FL_DEFINE(H5O_pline_t); */ static void * H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t p_size, const uint8_t *p) { H5O_pline_t *pline = NULL; /* Pipeline message */ H5Z_filter_info_t *filter; /* Filter to decode */ size_t name_length; /* Length of filter name */ size_t i; /* Local index variable */ - void *ret_value; /* Return value */ + const uint8_t *p_end = p + p_size - 1; /* End of the p buffer */ + void *ret_value = NULL; /* Return value */ FUNC_ENTER_NOAPI_NOINIT @@ -123,12 +125,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 /* Allocate space for I/O pipeline message */ if(NULL == (pline = H5FL_CALLOC(H5O_pline_t))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") /* Version */ pline->version = *p++; if(pline->version < H5O_PLINE_VERSION_1 || pline->version > H5O_PLINE_VERSION_LATEST) - HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message") + HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message") /* Number of filters */ pline->nused = *p++; @@ -149,12 +151,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 /* Allocate array for filters */ pline->nalloc = pline->nused; if(NULL == (pline->filter = (H5Z_filter_info_t *)H5MM_calloc(pline->nalloc * sizeof(pline->filter[0])))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") /* Decode filters */ for(i = 0, filter = &pline->filter[0]; i < pline->nused; i++, filter++) { /* Filter ID */ - UINT16DECODE(p, filter->id); + UINT16DECODE(p, filter->id); /* Length of filter name */ if(pline->version > H5O_PLINE_VERSION_1 && filter->id < H5Z_FILTER_RESERVED) @@ -166,18 +168,18 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 } /* end if */ /* Filter flags */ - UINT16DECODE(p, filter->flags); + UINT16DECODE(p, filter->flags); /* Number of filter parameters ("client data elements") */ - UINT16DECODE(p, filter->cd_nelmts); + UINT16DECODE(p, filter->cd_nelmts); /* Filter name, if there is one */ - if(name_length) { + if(name_length) { size_t actual_name_length; /* Actual length of name */ /* Determine actual name length (without padding, but with null terminator) */ - actual_name_length = HDstrlen((const char *)p) + 1; - HDassert(actual_name_length <= name_length); + actual_name_length = HDstrlen((const char *)p) + 1; + HDassert(actual_name_length <= name_length); /* Allocate space for the filter name, or use the internal buffer */ if(actual_name_length > H5Z_COMMON_NAME_LEN) { @@ -188,12 +190,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 else filter->name = filter->_name; - HDstrncpy(filter->name, (const char *)p, actual_name_length); - p += name_length; - } /* end if */ + HDstrncpy(filter->name, (const char *)p, actual_name_length); + p += name_length; + } /* end if */ /* Filter parameters */ - if(filter->cd_nelmts) { + if(filter->cd_nelmts) { size_t j; /* Local index variable */ /* Allocate space for the client data elements, or use the internal buffer */ @@ -205,15 +207,20 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 else filter->cd_values = filter->_cd_values; - /* - * Read the client data values and the padding - */ - for(j = 0; j < filter->cd_nelmts; j++) - UINT32DECODE(p, filter->cd_values[j]); + /* + * Read the client data values and the padding + */ + for (j = 0; j < filter->cd_nelmts; j++) { + if (p + 4 - 1 <= p_end) + UINT32DECODE(p, filter->cd_values[j]) + else + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "ran off the end of the buffer: current p = %p, p_size = %zu, p_end = %p", p, p_size, p_end) + } + if(pline->version == H5O_PLINE_VERSION_1) if(filter->cd_nelmts % 2) p += 4; /*padding*/ - } /* end if */ + } /* end if */ } /* end for */ /* Set return value */ diff --git a/src/H5Oprivate.h b/src/H5Oprivate.h index ca0fc8e..1f51705 100644 --- a/src/H5Oprivate.h +++ b/src/H5Oprivate.h @@ -710,7 +710,7 @@ H5_DLL herr_t H5O_msg_get_crt_index(unsigned type_id, const void *mesg, H5_DLL herr_t H5O_msg_encode(H5F_t *f, unsigned type_id, hbool_t disable_shared, unsigned char *buf, const void *obj); H5_DLL void* H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned type_id, const unsigned char *buf); + unsigned type_id, size_t buf_size, const unsigned char *buf); H5_DLL herr_t H5O_msg_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned type_id, void *mesg); H5_DLL int H5O_msg_get_chunkno(const H5O_loc_t *loc, unsigned type_id, hid_t dxpl_id); diff --git a/src/H5Orefcount.c b/src/H5Orefcount.c index 22b1a02..78ff791 100644 --- a/src/H5Orefcount.c +++ b/src/H5Orefcount.c @@ -32,7 +32,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_refcount_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_refcount_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_refcount_copy(const void *_mesg, void *_dest); static size_t H5O_refcount_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -89,7 +89,8 @@ H5FL_DEFINE_STATIC(H5O_refcount_t); */ static void * H5O_refcount_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_refcount_t *refcount = NULL; /* Reference count */ void *ret_value; /* Return value */ diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c index 557a44b..627ea19 100644 --- a/src/H5Osdspace.c +++ b/src/H5Osdspace.c @@ -26,7 +26,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_sdspace_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg); static void *H5O_sdspace_copy(const void *_mesg, void *_dest); static size_t H5O_sdspace_size(const H5F_t *f, const void *_mesg); @@ -110,7 +110,8 @@ H5FL_ARR_EXTERN(hsize_t); --------------------------------------------------------------------------*/ static void * H5O_sdspace_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5S_extent_t *sdim = NULL;/* New extent dimensionality structure */ void *ret_value; diff --git a/src/H5Oshared.c b/src/H5Oshared.c index 0d692f9..2475dd5 100644 --- a/src/H5Oshared.c +++ b/src/H5Oshared.c @@ -156,7 +156,7 @@ H5O_shared_read(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned *ioflags, HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "can't read message from fractal heap.") /* Decode the message */ - if(NULL == (ret_value = (type->decode)(f, dxpl_id, open_oh, 0, ioflags, mesg_ptr))) + if(NULL == (ret_value = (type->decode)(f, dxpl_id, open_oh, 0, ioflags, mesg_size, mesg_ptr))) HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "can't decode shared message.") } /* end if */ else { diff --git a/src/H5Oshared.h b/src/H5Oshared.h index f71f5f6..e60d7ba 100644 --- a/src/H5Oshared.h +++ b/src/H5Oshared.h @@ -47,7 +47,7 @@ */ static H5_INLINE void * H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, - unsigned *ioflags, const uint8_t *p) + unsigned *ioflags, size_t p_size, const uint8_t *p) { void *ret_value; /* Return value */ @@ -67,7 +67,7 @@ H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, if(mesg_flags & H5O_MSG_FLAG_SHARED) { /* Retrieve native message info indirectly through shared message */ if(NULL == (ret_value = H5O_shared_decode(f, dxpl_id, open_oh, ioflags, p, H5O_SHARED_TYPE))) - HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode shared message") + HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode shared message") /* We currently do not support automatically fixing shared messages */ #ifdef H5_STRICT_FORMAT_CHECKS @@ -79,8 +79,8 @@ H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, } /* end if */ else { /* Decode native message directly */ - if(NULL == (ret_value = H5O_SHARED_DECODE_REAL(f, dxpl_id, open_oh, mesg_flags, ioflags, p))) - HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode native message") + if(NULL == (ret_value = H5O_SHARED_DECODE_REAL(f, dxpl_id, open_oh, mesg_flags, ioflags, p_size, p))) + HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode native message") } /* end else */ done: diff --git a/src/H5Oshmesg.c b/src/H5Oshmesg.c index 536f67e..489114a 100644 --- a/src/H5Oshmesg.c +++ b/src/H5Oshmesg.c @@ -27,7 +27,7 @@ #include "H5MMprivate.h" /* Memory management */ static void *H5O_shmesg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_shmesg_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_shmesg_copy(const void *_mesg, void *_dest); static size_t H5O_shmesg_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -75,7 +75,8 @@ const H5O_msg_class_t H5O_MSG_SHMESG[1] = {{ */ static void * H5O_shmesg_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_shmesg_table_t *mesg; /* Native message */ void *ret_value; /* Return value */ diff --git a/src/H5Ostab.c b/src/H5Ostab.c index 928307e..cf8c96a 100644 --- a/src/H5Ostab.c +++ b/src/H5Ostab.c @@ -35,7 +35,7 @@ /* PRIVATE PROTOTYPES */ static void *H5O_stab_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); + unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); static herr_t H5O_stab_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); static void *H5O_stab_copy(const void *_mesg, void *_dest); static size_t H5O_stab_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); @@ -96,7 +96,8 @@ H5FL_DEFINE_STATIC(H5O_stab_t); */ static void * H5O_stab_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, + size_t H5_ATTR_UNUSED p_size, const uint8_t *p) { H5O_stab_t *stab = NULL; void *ret_value; /* Return value */ @@ -1644,7 +1644,7 @@ H5S_decode(const unsigned char *buf) /* Decode the extent part of dataspace */ /* (pass mostly bogus file pointer and bogus DXPL) */ - if((extent = (H5S_extent_t *)H5O_msg_decode(f, H5P_DEFAULT, NULL, H5O_SDSPACE_ID, buf))==NULL) + if((extent = (H5S_extent_t *)H5O_msg_decode(f, H5P_DEFAULT, NULL, H5O_SDSPACE_ID, extent_size, buf))==NULL) HGOTO_ERROR(H5E_DATASPACE, H5E_CANTDECODE, NULL, "can't decode object") buf += extent_size; @@ -69,7 +69,7 @@ static herr_t H5SM_write_mesg(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, static herr_t H5SM_decr_ref(void *record, void *op_data, hbool_t *changed); static herr_t H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5SM_index_header_t *header, const H5O_shared_t * mesg, - unsigned *cache_flags, void ** /*out*/ encoded_mesg); + unsigned *cache_flags, size_t * /*out*/ mesg_size, void ** /*out*/ encoded_mesg); static herr_t H5SM_type_to_flag(unsigned type_id, unsigned *type_flag); static herr_t H5SM_read_iter_op(H5O_t *oh, H5O_mesg_t *mesg, unsigned sequence, unsigned *oh_modified, void *_udata); @@ -1518,6 +1518,7 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) unsigned cache_flags = H5AC__NO_FLAGS_SET; H5SM_table_cache_ud_t cache_udata; /* User-data for callback */ ssize_t index_num; + size_t mesg_size = 0; void *mesg_buf = NULL; void *native_mesg = NULL; unsigned type_id; /* Message type ID to operate on */ @@ -1547,8 +1548,8 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) * zero and any file space it uses needs to be freed. mesg_buf holds the * serialized form of the message. */ - if(H5SM_delete_from_index(f, dxpl_id, open_oh, &(table->indexes[index_num]), sh_mesg, &cache_flags, &mesg_buf) < 0) - HGOTO_ERROR(H5E_SOHM, H5E_CANTDELETE, FAIL, "unable to delete mesage from SOHM index") + if(H5SM_delete_from_index(f, dxpl_id, open_oh, &(table->indexes[index_num]), sh_mesg, &cache_flags, &mesg_size, &mesg_buf) < 0) + HGOTO_ERROR(H5E_SOHM, H5E_CANTDELETE, FAIL, "unable to delete mesage from SOHM index") /* Release the master SOHM table */ if(H5AC_unprotect(f, dxpl_id, H5AC_SOHM_TABLE, H5F_SOHM_ADDR(f), table, cache_flags) < 0) @@ -1560,7 +1561,7 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) * master table needs to be unprotected when we do this. */ if(mesg_buf) { - if(NULL == (native_mesg = H5O_msg_decode(f, dxpl_id, open_oh, type_id, (const unsigned char *)mesg_buf))) + if(NULL == (native_mesg = H5O_msg_decode(f, dxpl_id, open_oh, type_id, mesg_size, (const unsigned char *)mesg_buf))) HGOTO_ERROR(H5E_SOHM, H5E_CANTDECODE, FAIL, "can't decode shared message.") if(H5O_msg_delete(f, dxpl_id, open_oh, type_id, native_mesg) < 0) @@ -1747,7 +1748,7 @@ H5SM_decr_ref(void *record, void *op_data, hbool_t *changed) static herr_t H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5SM_index_header_t *header, const H5O_shared_t *mesg, - unsigned *cache_flags, void ** /*out*/ encoded_mesg) + unsigned *cache_flags, size_t * /*out*/ mesg_size, void ** /*out*/ encoded_mesg) { H5SM_list_t *list = NULL; H5SM_mesg_key_t key; @@ -1879,6 +1880,7 @@ H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, /* Return the message's encoding so anything it references can be freed */ *encoded_mesg = encoding_buf; + *mesg_size = buf_size; /* If there are no messages left in the index, delete it */ if(header->num_messages == 0) { @@ -1920,8 +1922,10 @@ done: /* Free the message encoding, if we're not returning it in encoded_mesg * or if there's been an error. */ - if(encoding_buf && (NULL == *encoded_mesg || ret_value < 0)) + if(encoding_buf && (NULL == *encoded_mesg || ret_value < 0)) { encoding_buf = H5MM_xfree(encoding_buf); + *mesg_size = 0; + } FUNC_LEAVE_NOAPI(ret_value) } /* end H5SM_delete_from_index() */ @@ -298,8 +298,6 @@ static herr_t H5T_unregister(H5T_pers_t pers, const char *name, H5T_t *src, static herr_t H5T_register(H5T_pers_t pers, const char *name, H5T_t *src, H5T_t *dst, H5T_conv_t func, hid_t dxpl_id, hbool_t api_call); static htri_t H5T_compiler_conv(H5T_t *src, H5T_t *dst); -static herr_t H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc); -static H5T_t *H5T_decode(const unsigned char *buf); static herr_t H5T_set_size(H5T_t *dt, size_t size); @@ -2801,8 +2799,13 @@ H5Tdecode(const void *buf) if(buf == NULL) HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "empty buffer") - /* Create datatype by decoding buffer */ - if(NULL == (dt = H5T_decode((const unsigned char *)buf))) + /* Create datatype by decoding buffer + * There is no way to get the size of the buffer, so we pass in + * SIZE_MAX and assume the caller knows what they are doing. + * Really fixing this will require an H5Tdecode2() call that + * takes a size parameter. + */ + if(NULL == (dt = H5T_decode(SIZE_MAX, (const unsigned char *)buf))) HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "can't decode object") /* Register the type and return the ID */ @@ -2834,7 +2837,7 @@ done: * *------------------------------------------------------------------------- */ -static herr_t +herr_t H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc) { size_t buf_size; /* Encoded size of datatype */ @@ -2890,8 +2893,8 @@ done: * *------------------------------------------------------------------------- */ -static H5T_t * -H5T_decode(const unsigned char *buf) +H5T_t * +H5T_decode(size_t buf_size, const unsigned char *buf) { H5F_t *f = NULL; /* Fake file structure*/ H5T_t *ret_value = NULL; /* Return value */ @@ -2911,7 +2914,7 @@ H5T_decode(const unsigned char *buf) HGOTO_ERROR(H5E_DATATYPE, H5E_VERSION, NULL, "unknown version of encoded datatype") /* Decode the serialized datatype message */ - if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_ind_dxpl_id, NULL, H5O_DTYPE_ID, buf))) + if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_ind_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf))) HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, NULL, "can't decode object") /* Mark datatype as being in memory now */ @@ -5171,6 +5174,11 @@ H5T_set_loc(H5T_t *dt, H5F_t *f, H5T_loc_t loc) /* Check if the field changed size */ if(old_size != memb_type->shared->size) { + + /* Fail if the old_size is zero */ + if (0 == old_size) + HGOTO_ERROR(H5E_DATATYPE, H5E_BADVALUE, FAIL, "old_size of zero would cause division by zero"); + /* Adjust the size of the member */ dt->shared->u.compnd.memb[i].size = (dt->shared->u.compnd.memb[i].size*memb_type->shared->size)/old_size; diff --git a/src/H5Tprivate.h b/src/H5Tprivate.h index 81af056..f519141 100644 --- a/src/H5Tprivate.h +++ b/src/H5Tprivate.h @@ -112,6 +112,8 @@ H5_DLL H5T_class_t H5T_get_class(const H5T_t *dt, htri_t internal); H5_DLL htri_t H5T_detect_class(const H5T_t *dt, H5T_class_t cls, hbool_t from_api); H5_DLL size_t H5T_get_size(const H5T_t *dt); H5_DLL int H5T_cmp(const H5T_t *dt1, const H5T_t *dt2, hbool_t superset); +H5_DLL herr_t H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc); +H5_DLL H5T_t *H5T_decode(size_t buf_size, const unsigned char *buf); H5_DLL herr_t H5T_debug(const H5T_t *dt, FILE * stream); H5_DLL struct H5O_loc_t *H5T_oloc(H5T_t *dt); H5_DLL H5G_name_t *H5T_nameof(H5T_t *dt); |