author: Egbert Eich <eich@suse.com> 2022-12-07 22:14:40 (GMT)
committer: GitHub <noreply@github.com> 2022-12-07 22:14:40 (GMT)
commit: 0b4e9cf976438f0a6df7719518d1b1bb96c2caca
tree: 095e99093ab9f914e6b0fb03d156fae18293d8bc /release_docs
parent: dcccc355261e305a1d877a798d7fd46556b3cbce
Compound datatypes may not have members of size 0 (#2243)
* Compound datatypes may not have members of size 0

  A member size of 0 may lead to an FPE later on as reported in
  CVE-2021-46244. To avoid this, check for this as soon as the
  member is decoded.
  This should probably be done in H5O_dtype_decode_helper() already,
  however it is not clear whether all sizes are expected to be != 0.
  This fixes CVE-2021-46244 / Bug #2242.

  Signed-off-by: Egbert Eich <eich@suse.com>

* Rework error recovery code in H5O__dtype_decode_helper() and H5O__dtype_decode().

* Format changes for src/H5Odtype.c.

Signed-off-by: Egbert Eich <eich@suse.com>
Co-authored-by: Neil Fortner <nfortne2@hdfgroup.org>
Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
Diffstat (limited to 'release_docs')
-rw-r--r-- release_docs/RELEASE.txt 39
1 files changed, 25 insertions, 14 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index c0d5c36..b12068c 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -166,24 +166,11 @@ New Features
Support for new platforms, languages and compilers
==================================================
-
-
-
+
Bug Fixes since HDF5-1.13.3 release
===================================
Library
-------
- - Fix CVE-2021-46242 / GHSA-x9pw-hh7v-wjpf
-
- When evicting driver info block, NULL the corresponding entry.
-
- Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag
- H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing
- the pointer in f->shared->drvinfo will prevent use-after-free when it is
- used in other functions (like H5F__dest()) - as other places will check
- whether the pointer is initialized before using its value.
-
- (EFE - 2022/09/29 GH-2254)
-
- Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf
Validate location (offset) of the accumulated metadata when comparing.
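Review bot: Removing the CVE-2021-46242 entry from the top of the Library list here, only to re-add it verbatim further down in the same file, is unrelated to the size-0 compound member fix and accounts for most of the 14 deletions in this diff. Consider leaving the entry where it is, or moving it in a separate commit, so that anyone backporting the CVE-2021-46244 fix gets a release-note change that touches only the new entry.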
@@ -212,6 +199,17 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/10/09 GH-2233)
+ - CVE-2021-46244 / GHSA-vrxh-5gxg-rmhm
+
+ Compound datatypes may not have members of size 0
+
+ A member size of 0 may lead to an FPE later on as reported in
+ CVE-2021-46244. To avoid this, check for this as soon as the
+ member is decoded.
+
+ (EFE - 2022/10/05 GEH-2242)
+
+
- Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2
Make H5O__fsinfo_decode() more resilient to out-of-bound reads.
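Review bot: The issue reference on the last line of the new entry, "(EFE - 2022/10/05 GEH-2242)", looks like a typo for GH-2242: the neighbouring entries all use the "GH-" prefix and the commit message cites Bug #2242. The heading also omits the "Fix" that the surrounding entries carry ("- Fix CVE-2021-45830 ..."), and the entry is followed by two added blank lines where the others use one. It would also help readers to spell out "FPE" and to state what the library now does when it decodes a member of size 0, since "check for this" does not say what the outcome of the check is.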
@@ -225,6 +223,18 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/10/05 GH-2228)
+ - Fix CVE-2021-46242 / GHSA-x9pw-hh7v-wjpf
+
+ When evicting driver info block, NULL the corresponding entry.
+
+ Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag
+ H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing
+ the pointer in f->shared->drvinfo will prevent use-after-free when it is
+ used in other functions (like H5F__dest()) - as other places will check
+ whether the pointer is initialized before using its value.
+
+ (EFE - 2022/09/29 GH-2254)
+
- Fix CVE-2021-45833 / GHSA-x57p-jwp6-4v79
Report error if dimensions of chunked storage in data layout < 2
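Review bot: In the re-added CVE-2021-46242 entry, "Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag" has a misplaced parenthesis; since the paragraph is being moved anyway, reword it to "Since H5C_expunge_entry() (called from H5AC_expunge_entry()) sets the flag". The new position also follows no visible ordering: the entry dated 2022/09/29 now sits after one dated 2022/10/05, and CVE-2021-46242 lands between CVE-2021-45830 and CVE-2021-45833, so a one-line note on the intended order would help.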
@@ -264,6 +274,7 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/09/27 HDFFV-10589, GH-2226)
+
Java Library
------------
-
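Review bot: The blank line added before "Java Library" and the line removed at the end of this hunk are whitespace-only changes with no connection to the release note being added. Drop them from this commit, or fold all RELEASE.txt spacing cleanups into a dedicated formatting commit, to keep the security fix's diff minimal.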