diff options
| author | bmribler <39579120+bmribler@users.noreply.github.com> | 2023-04-18 18:22:48 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-18 18:22:48 (GMT) |
| commit | 547fb23bb2be18787156f72af637656b2c20232b (patch) | |
| tree | d7f8b5d5250239fd6106a1da4ef175ca18f9922e /release_docs | |
| parent | 1ffe6afce83b18ec608827089a080ef671a27e8f (diff) | |
| download | hdf5-547fb23bb2be18787156f72af637656b2c20232b.zip hdf5-547fb23bb2be18787156f72af637656b2c20232b.tar.gz hdf5-547fb23bb2be18787156f72af637656b2c20232b.tar.bz2 | |
Fixed GH-2603, heap-buffer-overflow in H5O__linfo_decode (#2763)
Verified with valgrind -v --tool=memcheck --leak-check=full h5dump POV-GH-2603
The several invalid reads shown originally are now gone.
Diffstat (limited to 'release_docs')
| -rw-r--r-- | release_docs/RELEASE.txt | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 53df50c..7de2a61 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -201,10 +201,19 @@ Support for new platforms, languages and compilers - -Bug Fixes since HDF5-1.12.1 release +Bug Fixes since HDF5-1.12.2 release =================================== Library ------- + - Fixed potential heap buffer overflow in decoding of link info message + + Detections of buffer overflow were added for decoding version, index + flags, link creation order value, and the next three addresses. The + checkings will remove the potential invalid read of any of these + values that could be triggered by a malformed file. + + (GH-2603 - 2023/04/16) + - Fixed potential buffer overrun issues in some object header decode routines Several checks were added to H5O__layout_decode and H5O__sdspace_decode to |