diff options
author | Dana Robinson <43805+derobins@users.noreply.github.com> | 2023-08-31 11:26:05 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-31 11:26:05 (GMT) |
commit | 1ddc2e906ac59d3916ec23a2400227654ccde4dd (patch) | |
tree | 5c8b671d2dad1791a59f89f1074faa00536d8019 /release_docs/RELEASE.txt | |
parent | 5e71d54c8fe9c13e6729a3274e36b61b94ed5822 (diff) | |
download | hdf5-1ddc2e906ac59d3916ec23a2400227654ccde4dd.zip hdf5-1ddc2e906ac59d3916ec23a2400227654ccde4dd.tar.gz hdf5-1ddc2e906ac59d3916ec23a2400227654ccde4dd.tar.bz2 |
Fix CVE-2018-11202 (#3452)
Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- | release_docs/RELEASE.txt | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 668c648..5dc8bf5 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -135,6 +135,20 @@ Bug Fixes since HDF5-1.10.10 release =================================== Library ------- + - Fixed CVE-2018-11202 + + A malformed file could result in chunk index memory leaks. Under most + conditions (i.e., when the --enable-using-memchecker option is NOT + used), this would result in a small memory leak and and infinite loop + and abort when shutting down the library. The infinite loop would be + due to the "free list" package not being able to clear its resources + so the library couldn't shut down. When the "using a memory checker" + option is used, the free lists are disabled so there is just a memory + leak with no abort on library shutdown. + + The chunk index resources are now correctly cleaned up when reading + misparsed files and valgrind confirms no memory leaks. + - Fixed an assertion in a previous fix for CVE-2016-4332 An assert could fail when processing corrupt files that have invalid |