summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBinh-Minh Ribler <bmribler@hdfgroup.org>2019-01-07 03:42:16 (GMT)
committerBinh-Minh Ribler <bmribler@hdfgroup.org>2019-01-07 03:42:16 (GMT)
commit820d8e34c5845f85690a4d65ca31b21fdcfd23cf (patch)
treea9cf62ad69d068f0cbd6c1c615d6cd6843cca749
parentaa62951a5fbbffa88185a58aea2b7526f5e66ce6 (diff)
downloadhdf5-820d8e34c5845f85690a4d65ca31b21fdcfd23cf.zip
hdf5-820d8e34c5845f85690a4d65ca31b21fdcfd23cf.tar.gz
hdf5-820d8e34c5845f85690a4d65ca31b21fdcfd23cf.tar.bz2
Updated per review
Description: HDFFV-10676 - CVE-2018-13873 Changed the new assert to if statement, per Dana's comment. Platforms tested: Linux/64 (jelly)
-rw-r--r--src/H5Ocache.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index 034048f..34277d1 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1404,7 +1404,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN))
HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
- HDassert(id < NELMTS(H5O_msg_class_g));
+ if(id >= NELMTS(H5O_msg_class_g))
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "invalid type of current message")
if((flags & H5O_MSG_FLAG_SHAREABLE)
&& H5O_msg_class_g[id]
&& !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE))