diff options
author | Vailin Choi <vchoi@hdfgroup.org> | 2020-03-16 19:06:57 (GMT) |
---|---|---|
committer | Vailin Choi <vchoi@hdfgroup.org> | 2020-03-16 19:06:57 (GMT) |
commit | 9c93c1bb00d4325867288b3811a6bb4907a51dde (patch) | |
tree | a0f39b3725382567ebdfc8bbd72b4c5c70f0bd5c | |
parent | 7613f7e1aa89210bb625d59d79a6220c49a1f22c (diff) | |
parent | 81b1ed4e1724b8a6a731ab2b8fb03234a8b49d15 (diff) | |
download | hdf5-9c93c1bb00d4325867288b3811a6bb4907a51dde.zip hdf5-9c93c1bb00d4325867288b3811a6bb4907a51dde.tar.gz hdf5-9c93c1bb00d4325867288b3811a6bb4907a51dde.tar.bz2 |
Merge pull request #2451 in HDFFV/hdf5 from ~VCHOI/my_third_fork:bugfix/develop_seg_fault_sel_compat to develop
* commit '81b1ed4e1724b8a6a731ab2b8fb03234a8b49d15':
Fix issues when deserializing point/all/none selection with version beyond the library's supported version: (1) Verify the decoded version before proceeding further with deserialization (2) Close the dataspace if errors occurred after opening the dataspace
-rw-r--r-- | src/H5Rint.c | 8 | ||||
-rw-r--r-- | src/H5Sall.c | 3 | ||||
-rw-r--r-- | src/H5Snone.c | 3 | ||||
-rw-r--r-- | src/H5Spkg.h | 11 | ||||
-rw-r--r-- | src/H5Spoint.c | 3 |
5 files changed, 23 insertions, 5 deletions
diff --git a/src/H5Rint.c b/src/H5Rint.c index 1df8a20..30f3dbb 100644 --- a/src/H5Rint.c +++ b/src/H5Rint.c @@ -1768,6 +1768,7 @@ H5R__decode_token_region_compat(H5F_t *f, const unsigned char *buf, H5O_token_t token = { 0 }; size_t data_size; const uint8_t *p; + H5S_t *space = NULL; herr_t ret_value = SUCCEED; FUNC_ENTER_PACKAGE @@ -1788,7 +1789,6 @@ H5R__decode_token_region_compat(H5F_t *f, const unsigned char *buf, if(space_ptr) { H5O_loc_t oloc; /* Object location */ - H5S_t *space = NULL; /* Initialize the object location */ H5O_loc_reset(&oloc); @@ -1812,6 +1812,12 @@ H5R__decode_token_region_compat(H5F_t *f, const unsigned char *buf, done: H5MM_free(data); + + if(ret_value < 0) { + if(space && H5S_close(space) < 0) + HDONE_ERROR(H5E_DATASET, H5E_CLOSEERROR, FAIL, "unable to release dataspace") + } + FUNC_LEAVE_NOAPI(ret_value) } /* end H5R__decode_token_region_compat() */ diff --git a/src/H5Sall.c b/src/H5Sall.c index 4a4245d..77fb582 100644 --- a/src/H5Sall.c +++ b/src/H5Sall.c @@ -690,6 +690,9 @@ H5S__all_deserialize(H5S_t **space, const uint8_t **p) /* Decode version */ UINT32DECODE(*p, version); + if(version < H5S_ALL_VERSION_1 || version > H5S_ALL_VERSION_LATEST) + HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "bad version number for all selection") + /* Skip over the remainder of the header */ *p += 8; diff --git a/src/H5Snone.c b/src/H5Snone.c index 0949b2a..630d1d5 100644 --- a/src/H5Snone.c +++ b/src/H5Snone.c @@ -648,6 +648,9 @@ H5S__none_deserialize(H5S_t **space, const uint8_t **p) /* Decode version */ UINT32DECODE(*p, version); + if(version < H5S_NONE_VERSION_1 || version > H5S_NONE_VERSION_LATEST) + HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "bad version number for none selection") + /* Skip over the remainder of the header */ *p += 8; diff --git a/src/H5Spkg.h b/src/H5Spkg.h index e139bce..da2dd4a 100644 --- a/src/H5Spkg.h +++ b/src/H5Spkg.h @@ -47,14 +47,17 @@ #define H5S_HYPER_VERSION_LATEST H5S_HYPER_VERSION_3 /* Versions for H5S_SEL_POINTS selection info */ -#define H5S_POINT_VERSION_1 1 -#define H5S_POINT_VERSION_2 2 +#define H5S_POINT_VERSION_1 1 +#define H5S_POINT_VERSION_2 2 +#define H5S_POINT_VERSION_LATEST H5S_POINT_VERSION_2 /* Versions for H5S_SEL_NONE selection info */ -#define H5S_NONE_VERSION_1 1 +#define H5S_NONE_VERSION_1 1 +#define H5S_NONE_VERSION_LATEST H5S_NONE_VERSION_1 /* Versions for H5S_SEL_ALL selection info */ -#define H5S_ALL_VERSION_1 1 +#define H5S_ALL_VERSION_1 1 +#define H5S_ALL_VERSION_LATEST H5S_ALL_VERSION_1 /* Encoded size of selection info for H5S_SEL_POINTS/H5S_SEL_HYPER */ #define H5S_SELECT_INFO_ENC_SIZE_2 0x02 /* 2 bytes: 16 bits */ diff --git a/src/H5Spoint.c b/src/H5Spoint.c index 721211e..6948125 100644 --- a/src/H5Spoint.c +++ b/src/H5Spoint.c @@ -1413,6 +1413,9 @@ H5S__point_deserialize(H5S_t **space, const uint8_t **p) /* Decode version */ UINT32DECODE(pp, version); + if(version < H5S_POINT_VERSION_1 || version > H5S_POINT_VERSION_LATEST) + HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "bad version number for point selection") + if(version >= (uint32_t)H5S_POINT_VERSION_2) /* Decode size of point info */ enc_size = *(pp)++; |