summaryrefslogtreecommitdiffstats
path: root/bin/runbkgprog
diff options
context:
space:
mode:
authorDana Robinson <43805+derobins@users.noreply.github.com>2023-08-22 03:11:56 (GMT)
committerGitHub <noreply@github.com>2023-08-22 03:11:56 (GMT)
commita7c095d5befd0ab290aaa42a3195c4a386ebfa1d (patch)
tree37db31aad15589309b5e97d7882856166a515ca2 /bin/runbkgprog
parent221e727ee2bf9ff6d05f3cbe9583ea7892d7c8fa (diff)
downloadhdf5-a7c095d5befd0ab290aaa42a3195c4a386ebfa1d.zip
hdf5-a7c095d5befd0ab290aaa42a3195c4a386ebfa1d.tar.gz
hdf5-a7c095d5befd0ab290aaa42a3195c4a386ebfa1d.tar.bz2
Fix for CVE-2016-4332 (#3406)
This CVE issue was previously listed as fixed (via HDFFV-9950) back in 2016, but with no confirmation test. Now that test files exist for the 2016 Talos CVE issues, we found that CVE-2016-4332 can raise an assert in debug builds. This fix replaces the assert with pointer checks that don't raise errors or asserts. Since the function is in cleanup code, we do our best to close and free things, even when presented with partially- initialized structs. Fixes CVE-2016-4332 and HDFFV-9950 (confirmed via the cve_hdf5 repo)
Diffstat (limited to 'bin/runbkgprog')
0 files changed, 0 insertions, 0 deletions