diff options
author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2019-01-31 02:04:30 (GMT) |
---|---|---|
committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2019-01-31 02:04:30 (GMT) |
commit | 02d03b4624122955ee3de635699a4e3880fea377 (patch) | |
tree | bdd4976bee0b9633638b5c9502aad2848bc7ff8a /release_docs/RELEASE.txt | |
parent | 2880ef43eb03526e7d75551720547b85e66a3086 (diff) | |
download | hdf5-02d03b4624122955ee3de635699a4e3880fea377.zip hdf5-02d03b4624122955ee3de635699a4e3880fea377.tar.gz hdf5-02d03b4624122955ee3de635699a4e3880fea377.tar.bz2 |
Fixed HDFFV-10586, HDFFV-10588, and HDFFV-10684
Description:
HDFFV-10586 CVE-2018-17434 Divide by zero in h5repack_filters
Added a check for zero value
HDFFV-10588 CVE-2018-17437 Memory leak in H5O_dtype_decode_helper
This is actually an Invalid read issue. It was found that the
attribute name length in an attribute message was corrupted,
which caused the buffer pointer to be advanced too far and later
caused an invalid read.
Added a check to detect attribute name and its length mismatch. The
fix does not cover all cases, but it'll reduce the chance of this issue
when a name length is corrupted or the attribute name is corrupted.
HDFFV-10684 H5Ewalk does not stop until all errors in the stack are visited
The test for HDFFV-10588 has revealed a bug in H5Ewalk.
H5Ewalk did not stop midway even when the call back function returns
H5_ITER_STOP. This is because a condition is missing from the for
loops in H5E__walk causing the callback functions unable to stop until
all the errors in the stack are iterated. Quincey advised on the final
fix. In this fix, "status" is switched to "ret_value" and HGOTO_ERROR
to HERROR, and the for loops won't continue when "ret_value" is not 0.
Platforms tested:
Linux/64 (jelly)
Linux/64 (platypus)
Darwin (osx1011test)
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- | release_docs/RELEASE.txt | 34 |
1 files changed, 31 insertions, 3 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 836d1a1..5ff697c 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -355,14 +355,42 @@ Bug Fixes since HDF5-1.10.3 release (JTH - 2018/08/25, HDFFV-10501) - - There was an incorrect protection against division by zero reported - to The HDF Group as issue #CVE-2018-17233. + - There was missing protection against division by zero reported to + The HDF Group as issue #CVE-2018-17233. Protection against division by zero was added to address the issue #CVE-2018-17233. In addition, several similar occurrences in the same file were fixed as well. - (BMR - 2018/02/26, HDFFV-10577) + (BMR - 2018/12/23, HDFFV-10577) + + - There was missing protection against division by zero reported to + The HDF Group as issue #CVE-2018-17434. + + Protection against division by zero was added to address the issue + #CVE-2018-17434. + + (BMR - 2019/01/29, HDFFV-10586) + + - The issue CVE-2018-17437 was reported to The HDF Group + + Although CVE-2018-17437 reported memory leak, the actual issues + were invalid read. It was found that the attribute name length + in an attribute message was corrupted, which caused the buffer + pointer to be advanced too far and later caused an invalid read. + + A check was added to detect when the attribute name or its length + was corrupted and report the potential of data corruption. + + (BMR - 2019/01/29, HDFFV-10588) + + - H5Ewalk did not stop when it was supposed to + + H5Ewalk was supposed to stop when the callback function stopped + even though the errors in the stack were not all visited, but it + did not. This problem is now fixed. + + (BMR - 2019/01/29, HDFFV-10684) Java Library: |