diff options
| author | Larry Knox <lrknox@hdfgroup.org> | 2018-03-13 18:04:03 (GMT) |
|---|---|---|
| committer | Larry Knox <lrknox@hdfgroup.org> | 2018-03-13 18:04:03 (GMT) |
| commit | f30873136be7cb444166d019c57d3508ff79fc76 (patch) | |
| tree | 559406eb3860a27fe1bfc6fcc7b5febe8454cba7 /release_docs | |
| parent | 8a77c7a3e4cd49cc0de824476b04b4926582e1ed (diff) | |
| parent | 9247388c3d14510341ea3f07847ce2cbb6e44a8e (diff) | |
| download | hdf5-f30873136be7cb444166d019c57d3508ff79fc76.zip hdf5-f30873136be7cb444166d019c57d3508ff79fc76.tar.gz hdf5-f30873136be7cb444166d019c57d3508ff79fc76.tar.bz2 | |
Merge pull request #943 in HDFFV/hdf5 from develop to hdf5_1_10
* commit '9247388c3d14510341ea3f07847ce2cbb6e44a8e':
Rework new tests into one macro
Added a "won't fix" RELEASE.txt entry for HDFFV-10356.
Fix CMake test names
Fixed typo
Add release note for HDFFFV-10397.
Added a fix for HDFFV-10358.
Fixed documentation Description: - Updated the description of copy constructor for clarification. - Removed unnecessary comments. Platforms tested: Linux/64 (jelly)
Enhancement to the tool h5clear (HDFFV-10360)
Fix for HDFFV-10209 VDS SWMR test failure Free the object header when there are chksum retries.
Diffstat (limited to 'release_docs')
| -rw-r--r-- | release_docs/RELEASE.txt | 50 |
1 files changed, 48 insertions, 2 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 13c4b5a..72afd84 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -533,6 +533,26 @@ Bug Fixes since HDF5-1.10.1 release (DER - 2018/02/26, HDFFV-10355) + - If an HDF5 file contains a malformed compound datatype with a + suitably large offset, the type conversion code can run off + the end of the type conversion buffer, causing a segmentation + fault. + + This issue was reported to The HDF Group as issue #CVE-2017-17507. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME + + Fixing this problem would involve updating the publicly visible + H5T_conv_t function pointer typedef and versioning the API calls + which use it. We normally only modify the public API during + major releases, so this bug will not be fixed at this time. + + (DER - 2018/02/26, HDFFV-10356) + - If an HDF5 file contains a malformed compound type which contains a member of size zero, a division by zero error will occur while processing the type. @@ -548,6 +568,23 @@ Bug Fixes since HDF5-1.10.1 release (DER - 2018/02/26, HDFFV-10357) + - If an HDF5 file contains a malformed symbol table node that declares + it contains more symbols than it actually contains, the library + can run off the end of the metadata cache buffer while processing + the symbol table node. + + This issue was reported to The HDF Group as issue #CVE-2017-17509. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + Performing bounds checks on the buffer while processing fixes the + problem. Instead of the segmentation fault, the normal HDF5 error + handling is invoked. + + (DER - 2018/03/12, HDFFV-10358) + Configuration ------------- - CMake @@ -858,11 +895,20 @@ Bug Fixes since HDF5-1.10.1 release C++ APIs -------- - - + - Removal of memory leaks + + A private function was inadvertently called, causing memory leaks. This + is now fixed. + + (BMR - 2018/03/12 - User's reported in email) Testing ------- - - + - Memory for three variables in testphdf5's coll_write_test was malloced + but not freed, leaking memory when running the test. The variables' + memory is now freed. + + (LRK - 2018/03/12, HDFFV-10397) Supported Platforms =================== |