diff options
author | Dana Robinson <43805+derobins@users.noreply.github.com> | 2023-08-31 23:30:50 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-31 23:30:50 (GMT) |
commit | 2e361e40eeeac9534c60b7c8aebf6be8601154f8 (patch) | |
tree | 56828d63fdc04b53a65e7c87a4ec488ad8cc7641 | |
parent | 1ddc2e906ac59d3916ec23a2400227654ccde4dd (diff) | |
download | hdf5-2e361e40eeeac9534c60b7c8aebf6be8601154f8.zip hdf5-2e361e40eeeac9534c60b7c8aebf6be8601154f8.tar.gz hdf5-2e361e40eeeac9534c60b7c8aebf6be8601154f8.tar.bz2 |
Revert "Fix CVE-2018-11202 (#3452)" (#3478)
This reverts commit 1ddc2e906ac59d3916ec23a2400227654ccde4dd.
This CVE fix triggers a difficult to reproduce Java test error. This may
be due to uninitialized bytes in the 128 bit float test that precedes
it.
-rw-r--r-- | release_docs/RELEASE.txt | 14 | ||||
-rw-r--r-- | src/H5Dchunk.c | 15 |
2 files changed, 1 insertions, 28 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 5dc8bf5..668c648 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -135,20 +135,6 @@ Bug Fixes since HDF5-1.10.10 release =================================== Library ------- - - Fixed CVE-2018-11202 - - A malformed file could result in chunk index memory leaks. Under most - conditions (i.e., when the --enable-using-memchecker option is NOT - used), this would result in a small memory leak and and infinite loop - and abort when shutting down the library. The infinite loop would be - due to the "free list" package not being able to clear its resources - so the library couldn't shut down. When the "using a memory checker" - option is used, the free lists are disabled so there is just a memory - leak with no abort on library shutdown. - - The chunk index resources are now correctly cleaned up when reading - misparsed files and valgrind confirms no memory leaks. - - Fixed an assertion in a previous fix for CVE-2016-4332 An assert could fail when processing corrupt files that have invalid diff --git a/src/H5Dchunk.c b/src/H5Dchunk.c index bea84a9..a3fcc49 100644 --- a/src/H5Dchunk.c +++ b/src/H5Dchunk.c @@ -700,12 +700,9 @@ H5D__chunk_set_info_real(H5O_layout_chunk_t *layout, unsigned ndims, const hsize /* Sanity checks */ HDassert(layout); + HDassert(ndims > 0); HDassert(curr_dims); - /* Can happen when corrupt files are parsed */ - if (ndims == 0) - HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "number of dimensions cannot be zero") - /* Compute the # of chunks in dataset dimensions */ for (u = 0, layout->nchunks = 1, layout->max_nchunks = 1; u < ndims; u++) { /* Round up to the next integer # of chunks, to accommodate partial chunks */ @@ -917,7 +914,6 @@ H5D__chunk_init(H5F_t *f, const H5D_t *const dset, hid_t dapl_id) H5D_rdcc_t *rdcc = &(dset->shared->cache.chunk); /* Convenience pointer to dataset's chunk cache */ H5P_genplist_t *dapl; /* Data access property list object pointer */ H5O_storage_chunk_t *sc = &(dset->shared->layout.storage.u.chunk); - hbool_t idx_init = FALSE; herr_t ret_value = SUCCEED; /* Return value */ FUNC_ENTER_STATIC @@ -993,21 +989,12 @@ H5D__chunk_init(H5F_t *f, const H5D_t *const dset, hid_t dapl_id) /* Allocate any indexing structures */ if (sc->ops->init && (sc->ops->init)(&idx_info, dset->shared->space, dset->oloc.addr) < 0) HGOTO_ERROR(H5E_DATASET, H5E_CANTINIT, FAIL, "can't initialize indexing information") - idx_init = TRUE; /* Set the number of chunks in dataset, etc. */ if (H5D__chunk_set_info(dset) < 0) HGOTO_ERROR(H5E_DATASET, H5E_CANTINIT, FAIL, "unable to set # of chunks for dataset") done: - if (FAIL == ret_value) { - if (rdcc->slot) - rdcc->slot = H5FL_SEQ_FREE(H5D_rdcc_ent_ptr_t, rdcc->slot); - - if (idx_init && sc->ops->dest && (sc->ops->dest)(&idx_info) < 0) - HDONE_ERROR(H5E_DATASET, H5E_CANTFREE, FAIL, "unable to release chunk index info"); - } - FUNC_LEAVE_NOAPI(ret_value) } /* end H5D__chunk_init() */ |