diff options
author | vchoi-hdfgroup <55293060+vchoi-hdfgroup@users.noreply.github.com> | 2022-12-16 21:47:29 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-16 21:47:29 (GMT) |
commit | 6b6bcdead66f0456ac0528683faac6a8e48b6565 (patch) | |
tree | 087869b18288912c635bda28a7a89d03d774ae23 | |
parent | 0e76abaf64f27efb8e28f4fc67057fd0a51be361 (diff) | |
download | hdf5-6b6bcdead66f0456ac0528683faac6a8e48b6565.zip hdf5-6b6bcdead66f0456ac0528683faac6a8e48b6565.tar.gz hdf5-6b6bcdead66f0456ac0528683faac6a8e48b6565.tar.bz2 |
Hdffv 11052 (#2315)
* Fix for HDFFV-11052: h5debug fails on a corrupted file (h5_nrefs_POC) producing a core dump.
When h5debug closes the corrupted file, the library calls H5F__dest() which performs all the
closing operations for the file "f" (H5F_t *) but just keeping note of errors in "ret_value"
all the way till the end of the routine. The user-provided corrupted file has an illegal
file size causing failure when reading the image during the closing process.
At the end of this routine it sets f->shared to NULL and then frees "f".
This is done whether there is error or not in "ret_value".
Due to the failure in reading the file earlier, the routine then returns error.
The error return from H5F__dest() causes the file object "f" not being removed from the
ID node table. When the library finally exits, it will try to close the
file objects in the table. This causes assert failure when H5F_ID_EXISTS(f) or H5F_NREFS(f).
Fix:
a) H5F_dest(): free the f only when there is no error in "ret_value" at the end of the routine.
b) H5VL__native_file_close(): if f->shared is NULL, free "f"; otherwise, perform closing on "f" as before.
c) h5debug.c main(): track error return from H5Fclose().
* Committing clang-format changes
* Add test and release note info for fix to HDFFV-11052 which is merged via PR#2291.
* Committing clang-format changes
* Add the test file to Cmake.
* Skip test_misc37() for drivers that is not default compatible as it is using a pre-generated file.
* Committing clang-format changes
Co-authored-by: vchoi <vchoi@jelly.ad.hdfgroup.org>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
-rw-r--r-- | test/tmisc.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/test/tmisc.c b/test/tmisc.c index 8a70a29..5fb44d4 100644 --- a/test/tmisc.c +++ b/test/tmisc.c @@ -6060,15 +6060,23 @@ test_misc36(void) static void test_misc37(void) { - const char *fname; + const char *testfile = H5_get_srcdir_filename(CVE_2020_10812_FILENAME); + hbool_t driver_is_default_compatible; hid_t fid; herr_t ret; /* Output message about test being performed */ MESSAGE(5, ("Fix for HDFFV-11052/CVE-2020-10812")); - fname = H5_get_srcdir_filename(CVE_2020_10812_FILENAME); - fid = H5Fopen(fname, H5F_ACC_RDONLY, H5P_DEFAULT); + ret = h5_driver_is_default_vfd_compatible(H5P_DEFAULT, &driver_is_default_compatible); + CHECK(ret, FAIL, "h5_driver_is_default_vfd_compatible"); + + if (!driver_is_default_compatible) { + HDprintf("-- SKIPPED --\n"); + return; + } + + fid = H5Fopen(testfile, H5F_ACC_RDONLY, H5P_DEFAULT); CHECK(fid, FAIL, "H5Fopen"); /* This should fail due to the illegal file size. |