summaryrefslogtreecommitdiffstats
path: root/release_docs
diff options
context:
space:
mode:
authorjhendersonHDF <jhenderson@hdfgroup.org>2023-04-14 12:50:32 (GMT)
committerGitHub <noreply@github.com>2023-04-14 12:50:32 (GMT)
commit537c910823697215cfc203095ad4c0ee20e4b6c9 (patch)
treed683a25c61b24351f41571411e57095544cea29e /release_docs
parenta66bff93b2d989f8087a9daa1ef526c8fc8b48b6 (diff)
downloadhdf5-537c910823697215cfc203095ad4c0ee20e4b6c9.zip
hdf5-537c910823697215cfc203095ad4c0ee20e4b6c9.tar.gz
hdf5-537c910823697215cfc203095ad4c0ee20e4b6c9.tar.bz2
Fix a heap buffer overflow during H5D__compact_readvv (GitHub #2606) (#2664) (#2725)
Diffstat (limited to 'release_docs')
-rw-r--r--release_docs/RELEASE.txt38
1 files changed, 18 insertions, 20 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index cf43a34..735ac42 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -169,26 +169,24 @@ Bug Fixes since HDF5-1.14.0 release
(VC - 2023/04/11 GH-2599)
- - Fixed issues in the Subfiling VFD when using the SELECT_IOC_EVERY_NTH_RANK
- or SELECT_IOC_TOTAL I/O concentrator selection strategies
-
- Multiple bugs involving these I/O concentrator selection strategies
- were fixed, including:
-
- * A bug that caused the selection strategy to be altered when
- criteria for the strategy was specified in the
- H5FD_SUBFILING_IOC_SELECTION_CRITERIA environment variable as
- a single value, rather than in the old and undocumented
- 'integer:integer' format
- * Two bugs which caused a request for 'N' I/O concentrators to
- result in 'N - 1' I/O concentrators being assigned, which also
- lead to issues if only 1 I/O concentrator was requested
-
- Also added a regression test for these two I/O concentrator selection
- strategies to prevent future issues.
-
- (JTH - 2023/03/15)
-
+ - Fixed a heap buffer overflow that occurs when reading from
+ a dataset with a compact layout within a malformed HDF5 file
+
+ During opening of a dataset that has a compact layout, the
+ library allocates a buffer that stores the dataset's raw data.
+ The dataset's object header that gets written to the file
+ contains information about how large of a buffer the library
+ should allocate. If this object header is malformed such that
+ it causes the library to allocate a buffer that is too small
+ to hold the dataset's raw data, future I/O to the dataset can
+ result in heap buffer overflows. To fix this issue, an extra
+ check is now performed for compact datasets to ensure that
+ the size of the allocated buffer matches the expected size
+ of the dataset's raw data (as calculated from the dataset's
+ dataspace and datatype information). If the two sizes do not
+ match, opening of the dataset will fail.
+
+ (JTH - 2023/04/04, GH-2606)
- Fixed a memory corruption issue that can occur when reading
from a dataset using a hyperslab selection in the file