summaryrefslogtreecommitdiffstats
path: root/release_docs/RELEASE.txt
diff options
context:
space:
mode:
authorBinh-Minh Ribler <bmribler@hdfgroup.org>2019-01-31 02:04:30 (GMT)
committerBinh-Minh Ribler <bmribler@hdfgroup.org>2019-01-31 02:04:30 (GMT)
commit02d03b4624122955ee3de635699a4e3880fea377 (patch)
treebdd4976bee0b9633638b5c9502aad2848bc7ff8a /release_docs/RELEASE.txt
parent2880ef43eb03526e7d75551720547b85e66a3086 (diff)
downloadhdf5-02d03b4624122955ee3de635699a4e3880fea377.zip
hdf5-02d03b4624122955ee3de635699a4e3880fea377.tar.gz
hdf5-02d03b4624122955ee3de635699a4e3880fea377.tar.bz2
Fixed HDFFV-10586, HDFFV-10588, and HDFFV-10684
Description: HDFFV-10586 CVE-2018-17434 Divide by zero in h5repack_filters Added a check for zero value HDFFV-10588 CVE-2018-17437 Memory leak in H5O_dtype_decode_helper This is actually an Invalid read issue. It was found that the attribute name length in an attribute message was corrupted, which caused the buffer pointer to be advanced too far and later caused an invalid read. Added a check to detect attribute name and its length mismatch. The fix does not cover all cases, but it'll reduce the chance of this issue when a name length is corrupted or the attribute name is corrupted. HDFFV-10684 H5Ewalk does not stop until all errors in the stack are visited The test for HDFFV-10588 has revealed a bug in H5Ewalk. H5Ewalk did not stop midway even when the call back function returns H5_ITER_STOP. This is because a condition is missing from the for loops in H5E__walk causing the callback functions unable to stop until all the errors in the stack are iterated. Quincey advised on the final fix. In this fix, "status" is switched to "ret_value" and HGOTO_ERROR to HERROR, and the for loops won't continue when "ret_value" is not 0. Platforms tested: Linux/64 (jelly) Linux/64 (platypus) Darwin (osx1011test)
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r--release_docs/RELEASE.txt34
1 files changed, 31 insertions, 3 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 836d1a1..5ff697c 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -355,14 +355,42 @@ Bug Fixes since HDF5-1.10.3 release
(JTH - 2018/08/25, HDFFV-10501)
- - There was an incorrect protection against division by zero reported
- to The HDF Group as issue #CVE-2018-17233.
+ - There was missing protection against division by zero reported to
+ The HDF Group as issue #CVE-2018-17233.
Protection against division by zero was added to address the issue
#CVE-2018-17233. In addition, several similar occurrences in the same
file were fixed as well.
- (BMR - 2018/02/26, HDFFV-10577)
+ (BMR - 2018/12/23, HDFFV-10577)
+
+ - There was missing protection against division by zero reported to
+ The HDF Group as issue #CVE-2018-17434.
+
+ Protection against division by zero was added to address the issue
+ #CVE-2018-17434.
+
+ (BMR - 2019/01/29, HDFFV-10586)
+
+ - The issue CVE-2018-17437 was reported to The HDF Group
+
+ Although CVE-2018-17437 reported memory leak, the actual issues
+ were invalid read. It was found that the attribute name length
+ in an attribute message was corrupted, which caused the buffer
+ pointer to be advanced too far and later caused an invalid read.
+
+ A check was added to detect when the attribute name or its length
+ was corrupted and report the potential of data corruption.
+
+ (BMR - 2019/01/29, HDFFV-10588)
+
+ - H5Ewalk did not stop when it was supposed to
+
+ H5Ewalk was supposed to stop when the callback function stopped
+ even though the errors in the stack were not all visited, but it
+ did not. This problem is now fixed.
+
+ (BMR - 2019/01/29, HDFFV-10684)
Java Library: