diff options
author | Egbert Eich <eich@suse.com> | 2023-03-02 17:17:49 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-02 17:17:49 (GMT) |
commit | b16ec83d4bd79f9ffaad85de16056419f3532887 (patch) | |
tree | a8d04d51a806c1f0a0c52485ff8dc60c487ddc14 /config/cmake/HDFUseFortran.cmake | |
parent | 877e4a67c5440f801e9faccf4ca1a451c89eae59 (diff) | |
download | hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.zip hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.tar.gz hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.tar.bz2 |
Check for overflow when calculating on-disk attribute data size (#2459)
* Remove duplicate code
Signed-off-by: Egbert Eich <eich@suse.com>
* Add test case for CVE-2021-37501
Bogus sizes in this test case causes the on-disk data size
calculation in H5O__attr_decode() to overflow so that the
calculated size becomes 0. This causes the read to overflow
and h5dump to segfault.
This test case was crafted, the test file was not directly
generated by HDF5.
Test case from:
https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md
Diffstat (limited to 'config/cmake/HDFUseFortran.cmake')
0 files changed, 0 insertions, 0 deletions