author: Larry Knox <lrknox@hdfgroup.org> 2023-08-04 19:17:33 (GMT)
committer: GitHub <noreply@github.com> 2023-08-04 19:17:33 (GMT)
commit: 3262891c6b2060cb8044e37cab461275d7ac4a58 (patch)
tree: 253bd5c4d73458a035997329b91abc76e3d31a14 /release_docs
parent: 1bb9a0d45ce31eb1cdffd1b79d975afeab34851c (diff)
Merges from develop Aug 2-4 (#3354)

* Fix CVE-2018-11202 (#3330)

  A malformed file could result in chunk index memory leaks. Under most conditions (i.e., when the --enable-using-memchecker option is NOT used), this would result in a small memory leak and an infinite loop and abort when shutting down the library. The infinite loop would be due to the "free list" package not being able to clear its resources so the library couldn't shut down. When the "using a memory checker" option is used, the free lists are disabled so there is just a memory leak with no abort on library shutdown.

  The chunk index resources are now correctly cleaned up when reading misparsed files and valgrind confirms no memory leaks.

* Fix CVE-2018-13867 (#3336)

* Windows runtime items go into the bin folder (#3320)

Diffstat (limited to 'release_docs')
-rw-r--r-- release_docs/RELEASE.txt 23
1 files changed, 23 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 20c2535..3934fd9 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -121,6 +121,29 @@ Bug Fixes since HDF5-1.14.1 release
===================================
Library
-------
+ - Fixed CVE-2018-13867
+
+ A corrupt file containing an invalid local heap datablock address
+ could trigger an assert failure when the metadata cache attempted
+ to load the datablock from storage.
+
+ The local heap now verifies that the datablock address is valid
+ when the local heap header information is parsed.
+
+ - Fixed CVE-2018-11202
+
+ A malformed file could result in chunk index memory leaks. Under most
+ conditions (i.e., when the --enable-using-memchecker option is NOT
+ used), this would result in a small memory leak and and infinite loop
+ and abort when shutting down the library. The infinite loop would be
+ due to the "free list" package not being able to clear its resources
+ so the library couldn't shut down. When the "using a memory checker"
+ option is used, the free lists are disabled so there is just a memory
+ leak with no abort on library shutdown.
+
+ The chunk index resources are now correctly cleaned up when reading
+ misparsed files and valgrind confirms no memory leaks.
+
- Fixed an issue where an assert statement was converted to an
incorrect error check statement
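
Review bot: In the CVE-2018-11202 entry, the line "used), this would result in a small memory leak and and infinite loop" has a doubled word and should read "a small memory leak and an infinite loop". The same entry opens with "A malformed file" and closes with "misparsed files"; use one term throughout so readers do not take them for two different conditions. The CVE-2018-13867 entry describes the old assert failure but not what a caller observes now that the datablock address is verified when the local heap header is parsed; add a sentence stating the new outcome for such a file, and consider citing the PR numbers from the commit message (#3336 and #3330) so each entry can be traced to its fix.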