diff options
author | jhendersonHDF <jhenderson@hdfgroup.org> | 2023-04-15 02:02:10 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-15 02:02:10 (GMT) |
commit | 4dfa4443a15423f6c483b9c1b46c34fa34efc5e1 (patch) | |
tree | 3e93df7c18142b5f824bd4c1ccf61dd9a268d7e4 /release_docs | |
parent | 6ac41d8415a87e7d248b99cadb6b0dbe63567557 (diff) | |
download | hdf5-4dfa4443a15423f6c483b9c1b46c34fa34efc5e1.zip hdf5-4dfa4443a15423f6c483b9c1b46c34fa34efc5e1.tar.gz hdf5-4dfa4443a15423f6c483b9c1b46c34fa34efc5e1.tar.bz2 |
Fix a heap buffer overflow during H5D__compact_readvv (GitHub #2606) (#2664) (#2727)
Diffstat (limited to 'release_docs')
-rw-r--r-- | release_docs/RELEASE.txt | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 2dfbfc2..ea34b05 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -118,6 +118,25 @@ Bug Fixes since HDF5-1.10.10 release =================================== Library ------- + - Fixed a heap buffer overflow that occurs when reading from + a dataset with a compact layout within a malformed HDF5 file + + During opening of a dataset that has a compact layout, the + library allocates a buffer that stores the dataset's raw data. + The dataset's object header that gets written to the file + contains information about how large of a buffer the library + should allocate. If this object header is malformed such that + it causes the library to allocate a buffer that is too small + to hold the dataset's raw data, future I/O to the dataset can + result in heap buffer overflows. To fix this issue, an extra + check is now performed for compact datasets to ensure that + the size of the allocated buffer matches the expected size + of the dataset's raw data (as calculated from the dataset's + dataspace and datatype information). If the two sizes do not + match, opening of the dataset will fail. + + (JTH - 2023/04/13, GH-2606) + - Fix for CVE-2019-8396 Malformed HDF5 files may have truncated content which does not match |