summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAllen Byrne <byrn@hdfgroup.org>2020-08-12 21:20:42 (GMT)
committerAllen Byrne <byrn@hdfgroup.org>2020-08-12 21:20:42 (GMT)
commit43b21e9bb68199ebc46ea8e465052328bcb941e4 (patch)
treee13448fab9bd1f46ab928801881d4ee1d0bbe1ef
parent358b541b2ef21a0df52981504fe48c931bfb401f (diff)
downloadhdf5-43b21e9bb68199ebc46ea8e465052328bcb941e4.zip
hdf5-43b21e9bb68199ebc46ea8e465052328bcb941e4.tar.gz
hdf5-43b21e9bb68199ebc46ea8e465052328bcb941e4.tar.bz2
HDFFV-11127 - force RTLD_LOCAL in dlopen
-rw-r--r--release_docs/RELEASE.txt25
-rw-r--r--src/H5PL.c22
2 files changed, 28 insertions, 19 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index d93413c..2bff239 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -319,9 +319,9 @@ New Features
Fortran API
-----------
- - Corrected INTERFACE INTENT(IN) to INTENT(OUT) for buf_size in h5fget_file_image_f.
-
- (MSB - 2020/2/18, HDFFV-11029)
+ - Corrected INTERFACE INTENT(IN) to INTENT(OUT) for buf_size in h5fget_file_image_f.
+
+ (MSB - 2020/2/18, HDFFV-11029)
C++ API
@@ -354,6 +354,15 @@ Bug Fixes since HDF5-1.8.21
Library
-------
+ - Explicitly declared dlopen to use RTLD_LOCAL
+
+ dlopen documentation states that f neither RTLD_GLOBAL nor
+ RTLD_LOCAL are specified, then the default behavior is unspecified.
+ The default on linux is usually RTLD_LOCAL while macos will default
+ to RTLD_GLOBAL.
+
+ (ADB - 2020/08/12, HDFFV-11127)
+
- Fixed issues CVE-2018-13870 and CVE-2018-13869
When a buffer overflow occurred because a name length was corrupted
@@ -368,7 +377,7 @@ Bug Fixes since HDF5-1.8.21
- Fixed the segmentation fault when reading attributes with multiple threads
It was reported that the reading of attributes with variable length string
- datatype will crash with segmentation fault particularly when the number of
+ datatype will crash with segmentation fault particularly when the number of
threads is high (>16 threads). The problem was due to the file pointer that
was set in the variable length string datatype for the attribute. That file
pointer was already closed when the attribute was accessed.
@@ -443,15 +452,15 @@ Bug Fixes since HDF5-1.8.21
Tools
-----
- - h5repack was fixed to repack the reference attributes properly.
- The code line that checks if the update of reference inside a compound
- datatype is misplaced outside the code block loop that carries out the
+ - h5repack was fixed to repack the reference attributes properly.
+ The code line that checks if the update of reference inside a compound
+ datatype is misplaced outside the code block loop that carries out the
check. In consequence, the next attribute that is not the reference
type was repacked again as the reference type and caused the failure of
repacking. The fix is to move the corresponding code line to the correct
code block.
- (KY -2020/02/05, HDFFV-11014)
+ (KY -2020/02/05, HDFFV-11014)
- h5repack was fixed to repack datasets with external storage
diff --git a/src/H5PL.c b/src/H5PL.c
index 5d750fa..71ff0f8 100644
--- a/src/H5PL.c
+++ b/src/H5PL.c
@@ -103,7 +103,7 @@ typedef const void *(__cdecl *H5PL_get_plugin_info_t)(void);
#define H5PL_HANDLE void *
/* Get a handle to a plugin library. Windows: TEXT macro handles Unicode strings */
-#define H5PL_OPEN_DLIB(S) dlopen(S, RTLD_LAZY)
+#define H5PL_OPEN_DLIB(S) dlopen(S, RTLD_LAZY | RTLD_LOCAL))
/* Get the address of a symbol in dynamic library */
#define H5PL_GET_LIB_FUNC(H,N) dlsym(H,N)
@@ -173,7 +173,7 @@ static hbool_t H5PL_path_found_g = FALSE;
/* Enable all plugin libraries */
static unsigned int H5PL_plugin_g = H5PL_ALL_PLUGIN;
-
+
/*--------------------------------------------------------------------------
NAME
H5PL__init_interface -- Initialize interface-specific information
@@ -204,7 +204,7 @@ H5PL__init_interface(void)
FUNC_LEAVE_NOAPI(SUCCEED)
} /* end H5PL__init_interface() */
-
+
/*-------------------------------------------------------------------------
* Function: H5PLset_loading_state
*
@@ -246,7 +246,7 @@ done:
FUNC_LEAVE_API(ret_value)
} /* end H5PLset_loading_state() */
-
+
/*-------------------------------------------------------------------------
* Function: H5PLget_loading_state
*
@@ -274,7 +274,7 @@ done:
FUNC_LEAVE_API(ret_value)
} /* end H5PLget_loading_state() */
-
+
/*-------------------------------------------------------------------------
* Function: H5PL_term_interface
*
@@ -324,7 +324,7 @@ H5PL_term_interface(void)
FUNC_LEAVE_NOAPI(i)
} /* end H5PL_term_interface() */
-
+
/*-------------------------------------------------------------------------
* Function: H5PL_load
*
@@ -395,7 +395,7 @@ done:
FUNC_LEAVE_NOAPI(ret_value)
} /* end H5PL_load() */
-
+
/*-------------------------------------------------------------------------
* Function: H5PLappend
*
@@ -704,7 +704,7 @@ done:
FUNC_LEAVE_NOAPI(ret_value)
} /* end H5PL__init_path_table() */
-
+
/*-------------------------------------------------------------------------
* Function: H5PL__find
*
@@ -838,7 +838,7 @@ done:
} /* end H5PL__find() */
#endif /* H5_HAVE_WIN32_API */
-
+
/*-------------------------------------------------------------------------
* Function: H5PL__open
*
@@ -926,7 +926,7 @@ done:
FUNC_LEAVE_NOAPI(ret_value)
} /* end H5PL__open() */
-
+
/*-------------------------------------------------------------------------
* Function: H5PL__search_table
*
@@ -974,7 +974,7 @@ done:
FUNC_LEAVE_NOAPI(ret_value)
} /* end H5PL__search_table() */
-
+
/*-------------------------------------------------------------------------
* Function: H5PL__close
*