diff options
| author | bmribler <39579120+bmribler@users.noreply.github.com> | 2023-04-18 18:33:49 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-04-18 18:33:49 (GMT) |
| commit | cb548882bb5f2620d34e1f449cbff0bac2725680 (patch) | |
| tree | f95327b4b04012ab0f8ed60ba647d6a673041523 /release_docs | |
| parent | d16d3ed5ceb9e93cede0dfe70efb4fa64b586cf4 (diff) | |
| download | hdf5-cb548882bb5f2620d34e1f449cbff0bac2725680.zip hdf5-cb548882bb5f2620d34e1f449cbff0bac2725680.tar.gz hdf5-cb548882bb5f2620d34e1f449cbff0bac2725680.tar.bz2 | |
Fixed GH-2603, heap-buffer-overflow in H5O__linfo_decode (#2758)
Verified with valgrind -v --tool=memcheck --leak-check=full h5dump POV-GH-2603
The several invalid reads shown originally are now gone.
Diffstat (limited to 'release_docs')
| -rw-r--r-- | release_docs/RELEASE.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 514b69b..7ce1fe2 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -117,6 +117,15 @@ Bug Fixes since HDF5-1.10.10 release =================================== Library ------- + - Fixed potential heap buffer overflow in decoding of link info message + + Detections of buffer overflow were added for decoding version, index + flags, link creation order value, and the next three addresses. The + checkings will remove the potential invalid read of any of these + values that could be triggered by a malformed file. + + (BMR - 2023/04/12 GH-2603) + - Fixed potential buffer overrun issues in some object header decode routines Several checks were added to H5O__layout_decode and H5O__sdspace_decode to |