Minor cherry-pick merges to 1.12 (#2581)

11 files changed, 53 insertions, 20 deletions

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 8d73684..506c668 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -2,7 +2,7 @@
 # Each line is a file pattern followed by one or more owners.
 
 # These owners will be the default owners for everything in the repo.
-* @lrknox @derobins @byrnHDF @fortnern @jhendersonHDF @vchoi-hdfgroup @bmribler @raylu-hdf @mattjala @brtnfld
+* @lrknox @derobins @byrnHDF @fortnern @jhendersonHDF @qkoziol @vchoi-hdfgroup @bmribler @glennsong09 @mattjala @brtnfld
 
 # Order is important. The last matching pattern has the most precedence.
 # So if a pull request only touches javascript files, only these owners
diff --git a/.github/workflows/clang-format-check.yml b/.github/workflows/clang-format-check.yml
index e8251f2..70809a1 100644
--- a/.github/workflows/clang-format-check.yml
+++ b/.github/workflows/clang-format-check.yml
@@ -8,7 +8,7 @@ jobs:
     if: "!contains(github.event.head_commit.message, 'skip-ci')"
     steps:
     - uses: actions/checkout@v3
-    - name: Run clang-format style check for C and Java programs.
+    - name: Run clang-format style check for C and Java code
       uses: DoozyX/clang-format-lint-action@v0.13
       with:
         source: '.'
diff --git a/.github/workflows/clang-format-fix.yml b/.github/workflows/clang-format-fix.yml
index c1110cf..feaa3d0 100644
--- a/.github/workflows/clang-format-fix.yml
+++ b/.github/workflows/clang-format-fix.yml
@@ -1,15 +1,24 @@
-name: clang-format Check
+# NOTE: This action requires write permissions to be set in your GitHub
+#       repo/fork for it to be able to commit changes.
+#
+# This is currently enabled via:
+#
+#   settings > Actions > General > Workflow permissions
+#
+# which you will need to set to "Read and write permissions"
+#
+name: clang-format Commit Changes
 on: 
   workflow_dispatch:
   push:
 jobs:
   formatting-check:
-    name: Formatting Check
+    name: Commit Format Changes
     runs-on: ubuntu-latest
     if: "!contains(github.event.head_commit.message, 'skip-ci')"
     steps:
     - uses: actions/checkout@v3
-    - name: Run clang-format style check for C and Java programs.
+    - name: Fix C and Java formatting issues detected by clang-format
       uses: DoozyX/clang-format-lint-action@v0.13
       with:
         source: '.'
diff --git a/doxygen/examples/tables/propertyLists.dox b/doxygen/examples/tables/propertyLists.dox
index 375fd50..e77c2fd 100644
--- a/doxygen/examples/tables/propertyLists.dox
+++ b/doxygen/examples/tables/propertyLists.dox
@@ -372,10 +372,6 @@ regarding the driver.</td>
 or retrieves information regarding driver.</td>
 </tr>
 <tr>
-<td>#H5Pset_fapl_onion/#H5Pget_fapl_onion</td>
-<td>Modifies/queries the file driver properties of the onion driver.</td>
-</tr>
-<tr>
 <td>#H5Pset_fapl_sec2</td>
 <td>Sets driver for unbuffered permanent files or retrieves information regarding driver.</td>
 </tr>
@@ -952,4 +948,4 @@ encoding for object names.</td>
 //! [acpl_table]
  *
  */
- 
\ No newline at end of file
+ 
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 23cdc36..97f137d 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -226,6 +226,19 @@ Bug Fixes since HDF5-1.12.1 release
       hyperslab selection's dataspace.
 
       (JTH - 2023/03/23)
+      
+      - Fix CVE-2021-37501 / GHSA-rfgw-5vq3-wrjf
+
+      Check for overflow when calculating on-disk attribute data size.
+
+      A bogus hdf5 file may contain dataspace messages with sizes
+      which lead to the on-disk data sizes to exceed what is addressable.
+      When calculating the size, make sure, the multiplication does not
+      overflow.
+      The test case was crafted in a way that the overflow caused the
+      size to be 0.
+
+      (EFE - 2023/02/11 GH-2458)
 
     - Seg fault on file close
 
diff --git a/src/H5Oattr.c b/src/H5Oattr.c
index ac643ea..cb06f25 100644
--- a/src/H5Oattr.c
+++ b/src/H5Oattr.c
@@ -221,10 +221,6 @@ H5O__attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, u
     else
         p += attr->shared->ds_size;
 
-    /* Get the datatype's size */
-    if (0 == (dt_size = H5T_get_size(attr->shared->dt)))
-        HGOTO_ERROR(H5E_ATTR, H5E_CANTGET, NULL, "unable to get datatype size")
-
     /* Get the datatype & dataspace sizes */
     if (0 == (dt_size = H5T_get_size(attr->shared->dt)))
         HGOTO_ERROR(H5E_ATTR, H5E_CANTGET, NULL, "unable to get datatype size")
@@ -234,6 +230,9 @@ H5O__attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, u
 
     /* Compute the size of the data */
     H5_CHECKED_ASSIGN(attr->shared->data_size, size_t, ds_size * (hsize_t)dt_size, hsize_t);
+    /* Check if multiplication has overflown */
+    if ((attr->shared->data_size / dt_size) != ds_size)
+        HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds addressable range")
 
     /* Go get the data */
     if (attr->shared->data_size) {
diff --git a/src/H5Ppublic.h b/src/H5Ppublic.h
index 04b8f0e..33a1df9 100644
--- a/src/H5Ppublic.h
+++ b/src/H5Ppublic.h
@@ -2321,10 +2321,13 @@ H5_DLL herr_t H5Pset_deflate(hid_t plist_id, unsigned level);
  *          (#H5Z_FILTER_DEFLATE) and the Fletcher32 error detection filter
  *          (#H5Z_FILTER_FLETCHER32).
  *
- *          The array \p c_values contains \p cd_nelmts integers which are
- *          auxiliary data for the filter. The integer values will be
- *          stored in the dataset object header as part of the filter
- *          information.
+ *          The array \p cd_values contains \p cd_nelmts unsigned integers
+ *          which are auxiliary data for the filter. The values are typically
+ *          used as parameters to control the filter. In a filter's
+ *          \p set_local method (called from \p H5Dcreate), the values are
+ *          interpreted and possibly modified before they are used to control
+ *          the filter. These, possibly modified values, are then stored in
+ *          the dataset object header as auxiliary data for the filter.
  *
  *          The \p flags argument is a bit vector with the following
  *          fields specifying certain general properties of the filter:
diff --git a/testpar/testpar.h b/testpar/testpar.h
index 6c380a9..58bcab4 100644
--- a/testpar/testpar.h
+++ b/testpar/testpar.h
@@ -30,8 +30,11 @@
  * mesg is not an empty string.
  */
 #define MESG(mesg)                                                                                           \
-    if (VERBOSE_MED && *mesg != '\0')                                                                        \
-    HDprintf("%s\n", mesg)
+    do {                                                                                                     \
+        if (VERBOSE_MED && *mesg != '\0') {                                                                  \
+            HDprintf("%s\n", mesg);                                                                          \
+        }                                                                                                    \
+    } while (0)
 
 /*
  * VRFY: Verify if the condition val is true.
diff --git a/tools/test/h5dump/CMakeTests.cmake b/tools/test/h5dump/CMakeTests.cmake
index 2505e84..be1a414 100644
--- a/tools/test/h5dump/CMakeTests.cmake
+++ b/tools/test/h5dump/CMakeTests.cmake
@@ -339,6 +339,7 @@
       ${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_old.h5
       ${HDF5_TOOLS_DIR}/testfiles/tCVE_2018_11206_fill_new.h5
       ${HDF5_TOOLS_DIR}/testfiles/zerodim.h5
+      ${HDF5_TOOLS_DIR}/testfiles/tCVE-2021-37501_attr_decode.h5
       #STD_REF_OBJ files
       ${HDF5_TOOLS_DIR}/testfiles/trefer_attr.h5
       ${HDF5_TOOLS_DIR}/testfiles/trefer_compat.h5
@@ -1187,6 +1188,10 @@
   ADD_H5_TEST (tCVE_2018_11206_fill_old 1 tCVE_2018_11206_fill_old.h5)
   ADD_H5_TEST (tCVE_2018_11206_fill_new 1 tCVE_2018_11206_fill_new.h5)
 
+  # test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode()
+  # https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc
+  ADD_H5_TEST (tCVE-2021-37501_attr_decode 1 tCVE-2021-37501_attr_decode.h5)
+
 ##############################################################################
 ###    P L U G I N  T E S T S
 ##############################################################################
diff --git a/tools/test/h5dump/testh5dump.sh.in b/tools/test/h5dump/testh5dump.sh.in
index 5d7ff88..ae5cc56 100644
--- a/tools/test/h5dump/testh5dump.sh.in
+++ b/tools/test/h5dump/testh5dump.sh.in
@@ -183,6 +183,7 @@ $SRC_H5DUMP_TESTFILES/tvms.h5
 $SRC_H5DUMP_TESTFILES/err_attr_dspace.h5
 $SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_old.h5
 $SRC_H5DUMP_TESTFILES/tCVE_2018_11206_fill_new.h5
+$SRC_H5DUMP_TESTFILES/tCVE-2021-37501_attr_decode.h5
 "
 
 LIST_OTHER_TEST_FILES="
@@ -1485,6 +1486,10 @@ TOOLTEST err_attr_dspace.ddl err_attr_dspace.h5
 TOOLTEST_FAIL tCVE_2018_11206_fill_old.h5
 TOOLTEST_FAIL tCVE_2018_11206_fill_new.h5
 
+# test to verify fix for CVE-2021-37501: multiplication overflow in H5O__attr_decode()
+# https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.assets/poc
+TOOLTEST_FAIL tCVE-2021-37501_attr_decode.h5
+
 # Clean up temporary files/directories
 CLEAN_TESTFILES_AND_TESTDIR
 
diff --git a/tools/testfiles/tCVE-2021-37501_attr_decode.h5 b/tools/testfiles/tCVE-2021-37501_attr_decode.h5
new file mode 100644
index 0000000..331b05b
--- /dev/null
+++ b/tools/testfiles/tCVE-2021-37501_attr_decode.h5