Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_decode (#2679) (#2728)

1 files changed, 28 insertions, 0 deletions

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 735ac42..520fcc7 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -156,6 +156,34 @@ Bug Fixes since HDF5-1.14.0 release
 ===================================
     Library
     -------
+    - Fixed potential buffer overrun issues in some object header decode routines
+
+      Several checks were added to H5O__layout_decode and H5O__sdspace_decode to
+      ensure that memory buffers don't get overrun when decoding buffers read from
+      a (possibly corrupted) HDF5 file.
+
+      (JTH - 2023/04/05)
+
+    - Fixed issues in the Subfiling VFD when using the SELECT_IOC_EVERY_NTH_RANK
+      or SELECT_IOC_TOTAL I/O concentrator selection strategies
+
+      Multiple bugs involving these I/O concentrator selection strategies
+      were fixed, including:
+
+        * A bug that caused the selection strategy to be altered when
+          criteria for the strategy was specified in the
+          H5FD_SUBFILING_IOC_SELECTION_CRITERIA environment variable as
+          a single value, rather than in the old and undocumented
+          'integer:integer' format
+        * Two bugs which caused a request for 'N' I/O concentrators to
+          result in 'N - 1' I/O concentrators being assigned, which also
+          lead to issues if only 1 I/O concentrator was requested
+
+      Also added a regression test for these two I/O concentrator selection
+      strategies to prevent future issues. 
+
+      (JTH - 2023/03/15)
+
     - Memory leak
 
       Memory leak was detected when running h5dump with "pov".  The memory was allocated