diff options
| author | vchoi-hdfgroup <55293060+vchoi-hdfgroup@users.noreply.github.com> | 2023-04-13 21:36:24 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-13 21:36:24 (GMT) |
| commit | a66bff93b2d989f8087a9daa1ef526c8fc8b48b6 (patch) | |
| tree | 2f31d5554a62fc00b121618df41111940ab0b25d | |
| parent | 2319d4a092a2070fde91947e6a914282c676d7bf (diff) | |
| download | hdf5-a66bff93b2d989f8087a9daa1ef526c8fc8b48b6.zip hdf5-a66bff93b2d989f8087a9daa1ef526c8fc8b48b6.tar.gz hdf5-a66bff93b2d989f8087a9daa1ef526c8fc8b48b6.tar.bz2 | |
Fix for github issue #2599: (#2665) (#2706)
* Fix for github issue #2599:
As indicated in the description, memory leak is detected when running "./h5dump pov".
The problem is: when calling H5O__add_cont_msg() from H5O__chunk_deserialize(),
memory is allocated for cont_msg_info->msgs. Eventually, when the library tries to load
the continuation message via H5AC_protect() in H5O_protect(), error is
encountered due to illegal info in the continuation message.
Due to the error, H5O_protect() exits but the memory allocated for cont_msg_info->msgs is not freed.
When we figure out how to handle fuzzed files that we didn't generate,
a test needs to be added to run h5dump with the provided "pov" file.
* Add message to release notes for the fix to github issue #2599.
| -rw-r--r-- | release_docs/RELEASE.txt | 14 | ||||
| -rw-r--r-- | src/H5Oint.c | 7 |
2 files changed, 20 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index e36372a..cf43a34 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -156,6 +156,19 @@ Bug Fixes since HDF5-1.14.0 release =================================== Library ------- + - Memory leak + + Memory leak was detected when running h5dump with "pov". The memory was allocated + via H5FL__malloc() in hdf5/src/H5FL.c + + The fuzzed file "pov" was an HDF5 file containing an illegal continuation message. + When deserializing the object header chunks for the file, memory is allocated for the + array of continuation messages (cont_msg_info->msgs) in continuation message info struct. + As error is encountered in loading the illegal message, the memory allocated for + cont_msg_info->msgs needs to be freed. + + (VC - 2023/04/11 GH-2599) + - Fixed issues in the Subfiling VFD when using the SELECT_IOC_EVERY_NTH_RANK or SELECT_IOC_TOTAL I/O concentrator selection strategies @@ -176,6 +189,7 @@ Bug Fixes since HDF5-1.14.0 release (JTH - 2023/03/15) + - Fixed a memory corruption issue that can occur when reading from a dataset using a hyperslab selection in the file dataspace and a point selection in the memory dataspace diff --git a/src/H5Oint.c b/src/H5Oint.c index 0499cd9..f2f106b 100644 --- a/src/H5Oint.c +++ b/src/H5Oint.c @@ -1165,9 +1165,14 @@ H5O_protect(const H5O_loc_t *loc, unsigned prot_flags, hbool_t pin_all_chunks) ret_value = oh; done: - if (ret_value == NULL && oh) + if (ret_value == NULL && oh) { + /* Release any continuation messages built up */ + if (cont_msg_info.msgs) + cont_msg_info.msgs = (H5O_cont_t *)H5FL_SEQ_FREE(H5O_cont_t, cont_msg_info.msgs); + if (H5O_unprotect(loc, oh, H5AC__NO_FLAGS_SET) < 0) HDONE_ERROR(H5E_OHDR, H5E_CANTUNPROTECT, NULL, "unable to release object header") + } FUNC_LEAVE_NOAPI_TAG(ret_value) } /* end H5O_protect() */ |