diff options
author | Dana Robinson <43805+derobins@users.noreply.github.com> | 2023-08-22 03:11:56 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-22 03:11:56 (GMT) |
commit | a7c095d5befd0ab290aaa42a3195c4a386ebfa1d (patch) | |
tree | 37db31aad15589309b5e97d7882856166a515ca2 /bin/runbkgprog | |
parent | 221e727ee2bf9ff6d05f3cbe9583ea7892d7c8fa (diff) | |
download | hdf5-a7c095d5befd0ab290aaa42a3195c4a386ebfa1d.zip hdf5-a7c095d5befd0ab290aaa42a3195c4a386ebfa1d.tar.gz hdf5-a7c095d5befd0ab290aaa42a3195c4a386ebfa1d.tar.bz2 |
Fix for CVE-2016-4332 (#3406)
This CVE issue was previously listed as fixed (via HDFFV-9950) back in
2016, but with no confirmation test. Now that test files exist for
the 2016 Talos CVE issues, we found that CVE-2016-4332 can raise an
assert in debug builds.
This fix replaces the assert with pointer checks that don't raise
errors or asserts. Since the function is in cleanup code, we do our
best to close and free things, even when presented with partially-
initialized structs.
Fixes CVE-2016-4332 and HDFFV-9950 (confirmed via the cve_hdf5 repo)
Diffstat (limited to 'bin/runbkgprog')
0 files changed, 0 insertions, 0 deletions