diff options
author | jhendersonHDF <jhenderson@hdfgroup.org> | 2023-04-14 12:50:32 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-14 12:50:32 (GMT) |
commit | 537c910823697215cfc203095ad4c0ee20e4b6c9 (patch) | |
tree | d683a25c61b24351f41571411e57095544cea29e /release_docs | |
parent | a66bff93b2d989f8087a9daa1ef526c8fc8b48b6 (diff) | |
download | hdf5-537c910823697215cfc203095ad4c0ee20e4b6c9.zip hdf5-537c910823697215cfc203095ad4c0ee20e4b6c9.tar.gz hdf5-537c910823697215cfc203095ad4c0ee20e4b6c9.tar.bz2 |
Fix a heap buffer overflow during H5D__compact_readvv (GitHub #2606) (#2664) (#2725)
Diffstat (limited to 'release_docs')
-rw-r--r-- | release_docs/RELEASE.txt | 38 |
1 files changed, 18 insertions, 20 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index cf43a34..735ac42 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -169,26 +169,24 @@ Bug Fixes since HDF5-1.14.0 release (VC - 2023/04/11 GH-2599) - - Fixed issues in the Subfiling VFD when using the SELECT_IOC_EVERY_NTH_RANK - or SELECT_IOC_TOTAL I/O concentrator selection strategies - - Multiple bugs involving these I/O concentrator selection strategies - were fixed, including: - - * A bug that caused the selection strategy to be altered when - criteria for the strategy was specified in the - H5FD_SUBFILING_IOC_SELECTION_CRITERIA environment variable as - a single value, rather than in the old and undocumented - 'integer:integer' format - * Two bugs which caused a request for 'N' I/O concentrators to - result in 'N - 1' I/O concentrators being assigned, which also - lead to issues if only 1 I/O concentrator was requested - - Also added a regression test for these two I/O concentrator selection - strategies to prevent future issues. - - (JTH - 2023/03/15) - + - Fixed a heap buffer overflow that occurs when reading from + a dataset with a compact layout within a malformed HDF5 file + + During opening of a dataset that has a compact layout, the + library allocates a buffer that stores the dataset's raw data. + The dataset's object header that gets written to the file + contains information about how large of a buffer the library + should allocate. If this object header is malformed such that + it causes the library to allocate a buffer that is too small + to hold the dataset's raw data, future I/O to the dataset can + result in heap buffer overflows. To fix this issue, an extra + check is now performed for compact datasets to ensure that + the size of the allocated buffer matches the expected size + of the dataset's raw data (as calculated from the dataset's + dataspace and datatype information). If the two sizes do not + match, opening of the dataset will fail. + + (JTH - 2023/04/04, GH-2606) - Fixed a memory corruption issue that can occur when reading from a dataset using a hyperslab selection in the file |