Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_decode (#2679) (#2729)

author: jhendersonHDF <jhenderson@hdfgroup.org> 2023-04-15 05:12:52 (GMT)
committer: GitHub <noreply@github.com> 2023-04-15 05:12:52 (GMT)
commit: be02375f5926300e84f0c661b74cfdc7f97c5f26 (patch)
tree: 89eee0b9d22bad91848b9f1e174ac24cf64ac9e0 /release_docs/RELEASE.txt
parent: 895ebf705ea5b830685424cbfe0ebef7cfd90d28 (diff)
download: hdf5-be02375f5926300e84f0c661b74cfdc7f97c5f26.zip
hdf5-be02375f5926300e84f0c661b74cfdc7f97c5f26.tar.gz
hdf5-be02375f5926300e84f0c661b74cfdc7f97c5f26.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index acc5411..d547aa6 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -223,6 +223,14 @@ Bug Fixes since HDF5-1.12.1 release
 ===================================
     Library
     -------
+    - Fixed potential buffer overrun issues in some object header decode routines
+
+      Several checks were added to H5O__layout_decode and H5O__sdspace_decode to
+      ensure that memory buffers don't get overrun when decoding buffers read from
+      a (possibly corrupted) HDF5 file.
+
+      (JTH - 2023/04/05)
+
     - Fixed a heap buffer overflow that occurs when reading from
       a dataset with a compact layout within a malformed HDF5 file
author	jhendersonHDF <jhenderson@hdfgroup.org>	2023-04-15 05:12:52 (GMT)
committer	GitHub <noreply@github.com>	2023-04-15 05:12:52 (GMT)
commit	be02375f5926300e84f0c661b74cfdc7f97c5f26 (patch)
tree	89eee0b9d22bad91848b9f1e174ac24cf64ac9e0 /release_docs/RELEASE.txt
parent	895ebf705ea5b830685424cbfe0ebef7cfd90d28 (diff)
download	hdf5-be02375f5926300e84f0c661b74cfdc7f97c5f26.zip hdf5-be02375f5926300e84f0c661b74cfdc7f97c5f26.tar.gz hdf5-be02375f5926300e84f0c661b74cfdc7f97c5f26.tar.bz2