summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBinh-Minh Ribler <bmribler@hdfgroup.org>2020-06-29 19:16:35 (GMT)
committerBinh-Minh Ribler <bmribler@hdfgroup.org>2020-06-29 19:16:35 (GMT)
commit7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f (patch)
treed7fd63ac4d7b78bccbe078af176851e29798f92a
parent785a1cef0c2ea2d1a179d86e34117ffd73aaa70d (diff)
downloadhdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.zip
hdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.tar.gz
hdf5-7c006fd7617d54ab1b97e9aa1d7d8600385f3f3f.tar.bz2
- added comment to explain a kluge
- added the associated entry to release notes
-rw-r--r--release_docs/RELEASE.txt10
-rw-r--r--src/H5Fsuper.c2
2 files changed, 11 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 72cab28..d9267e8 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -631,7 +631,15 @@ Bug Fixes since HDF5-1.10.3 release
Library
-------
- - Fixed the decoding of an attribute message to prevent a segfault by h52gif
+ - Fixed CVE-2020-10810
+
+ The tool h5clear produced a segfault during an error recovery in
+ the superblock decoding. An internal pointer was reset to prevent
+ further accessing when it is not assigned with a value.
+
+ (BMR - 2020/6/29, HDFFV-11053)
+
+ - Fixed CVE-2018-17435
The tool h52gif produced a segfault when the size of an attribute
message was corrupted and caused a buffer overflow.
diff --git a/src/H5Fsuper.c b/src/H5Fsuper.c
index 40e93ec..459a046 100644
--- a/src/H5Fsuper.c
+++ b/src/H5Fsuper.c
@@ -898,7 +898,9 @@ H5F__super_read(H5F_t *f, H5P_genplist_t *fa_plist, hbool_t initial_read)
else {
if(H5F__super_ext_remove_msg(f, H5O_FSINFO_ID) < 0)
{
+#if 1 /* when removing "KLUGE ALERT" above, tidy this up as well */ /* BMR */
f->shared->sblock = NULL;
+#endif /* BMR */
HGOTO_ERROR(H5E_FILE, H5E_CANTDELETE, FAIL, "error in removing message from superblock extension")
}