diff options
| author | Allen Byrne <byrn@hdfgroup.org> | 2018-03-14 20:00:29 (GMT) |
|---|---|---|
| committer | Allen Byrne <byrn@hdfgroup.org> | 2018-03-14 20:00:29 (GMT) |
| commit | 34de732e3e59523aed067e3d26d854a5d0d60ed5 (patch) | |
| tree | 8bddab336c98f113c13f3fb3b4ff20044b1be62e /release_docs | |
| parent | 880d14d4c545c795d525285985287829d43c3f42 (diff) | |
| parent | f30873136be7cb444166d019c57d3508ff79fc76 (diff) | |
| download | hdf5-34de732e3e59523aed067e3d26d854a5d0d60ed5.zip hdf5-34de732e3e59523aed067e3d26d854a5d0d60ed5.tar.gz hdf5-34de732e3e59523aed067e3d26d854a5d0d60ed5.tar.bz2 | |
Merging in latest from upstream (HDFFV/hdf5:refs/heads/hdf5_1_10)
* commit 'f30873136be7cb444166d019c57d3508ff79fc76':
Rework new tests into one macro
Added a "won't fix" RELEASE.txt entry for HDFFV-10356.
Fix CMake test names
Fixed typo
Add release note for HDFFFV-10397.
Added a fix for HDFFV-10358.
Fixed documentation Description: - Updated the description of copy constructor for clarification. - Removed unnecessary comments. Platforms tested: Linux/64 (jelly)
Enhancement to the tool h5clear (HDFFV-10360)
Fix for HDFFV-10209 VDS SWMR test failure Free the object header when there are chksum retries.
Diffstat (limited to 'release_docs')
| -rw-r--r-- | release_docs/RELEASE.txt | 50 |
1 files changed, 48 insertions, 2 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index da46821..970b4c7 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -539,6 +539,26 @@ Bug Fixes since HDF5-1.10.1 release (DER - 2018/02/26, HDFFV-10355) + - If an HDF5 file contains a malformed compound datatype with a + suitably large offset, the type conversion code can run off + the end of the type conversion buffer, causing a segmentation + fault. + + This issue was reported to The HDF Group as issue #CVE-2017-17507. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME + + Fixing this problem would involve updating the publicly visible + H5T_conv_t function pointer typedef and versioning the API calls + which use it. We normally only modify the public API during + major releases, so this bug will not be fixed at this time. + + (DER - 2018/02/26, HDFFV-10356) + - If an HDF5 file contains a malformed compound type which contains a member of size zero, a division by zero error will occur while processing the type. @@ -554,6 +574,23 @@ Bug Fixes since HDF5-1.10.1 release (DER - 2018/02/26, HDFFV-10357) + - If an HDF5 file contains a malformed symbol table node that declares + it contains more symbols than it actually contains, the library + can run off the end of the metadata cache buffer while processing + the symbol table node. + + This issue was reported to The HDF Group as issue #CVE-2017-17509. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + Performing bounds checks on the buffer while processing fixes the + problem. Instead of the segmentation fault, the normal HDF5 error + handling is invoked. + + (DER - 2018/03/12, HDFFV-10358) + Configuration ------------- - CMake @@ -864,11 +901,20 @@ Bug Fixes since HDF5-1.10.1 release C++ APIs -------- - - + - Removal of memory leaks + + A private function was inadvertently called, causing memory leaks. This + is now fixed. + + (BMR - 2018/03/12 - User's reported in email) Testing ------- - - + - Memory for three variables in testphdf5's coll_write_test was malloced + but not freed, leaking memory when running the test. The variables' + memory is now freed. + + (LRK - 2018/03/12, HDFFV-10397) Supported Platforms =================== |