summaryrefslogtreecommitdiffstats
path: root/src/H5FDlog.c
diff options
context:
space:
mode:
authorDana Robinson <43805+derobins@users.noreply.github.com>2021-04-29 11:57:02 (GMT)
committerGitHub <noreply@github.com>2021-04-29 11:57:02 (GMT)
commit138bc52facad0e6be4cfd13a860bb628c1dfd626 (patch)
tree8fc9c29e5cfbbbf05293f3a0c34d65e55fe82bcd /src/H5FDlog.c
parent00dc456cec2a6820bbb05d8a9a2f1967bf30f7e8 (diff)
downloadhdf5-138bc52facad0e6be4cfd13a860bb628c1dfd626.zip
hdf5-138bc52facad0e6be4cfd13a860bb628c1dfd626.tar.gz
hdf5-138bc52facad0e6be4cfd13a860bb628c1dfd626.tar.bz2
Fix for a segfault when H5Pset_fapl_log is passed an invalid fapl ID (#607)
* Committing clang-format changes * Fixes an issue where H5Pset_fapl_log sefaults when passed an invalid fapl ID This was due to a pointer-containing struct being memset after the first internal API call. If the first call failed, the error condition would check if the pointer was not NULL and then attempt to free it if not. This would lead to the freeing of a wild pointer if an invalid fapl ID were passed in. This was fixed by reordering the memset and adding a test to ensure the problem stays fixed. Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Diffstat (limited to 'src/H5FDlog.c')
-rw-r--r--src/H5FDlog.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/H5FDlog.c b/src/H5FDlog.c
index 57902b6..707c97b 100644
--- a/src/H5FDlog.c
+++ b/src/H5FDlog.c
@@ -328,12 +328,15 @@ H5Pset_fapl_log(hid_t fapl_id, const char *logfile, unsigned long long flags, si
FUNC_ENTER_API(FAIL)
H5TRACE4("e", "i*sULz", fapl_id, logfile, flags, buf_size);
+ /* Do this first, so that we don't try to free a wild pointer if
+ * H5P_object_verify() fails.
+ */
+ HDmemset(&fa, 0, sizeof(H5FD_log_fapl_t));
+
/* Check arguments */
if (NULL == (plist = H5P_object_verify(fapl_id, H5P_FILE_ACCESS)))
HGOTO_ERROR(H5E_ARGS, H5E_BADTYPE, FAIL, "not a file access property list")
- HDmemset(&fa, 0, sizeof(H5FD_log_fapl_t));
-
/* Duplicate the log file string
* A little wasteful, since this string will just be copied later, but
* passing it in as a pointer sets off a chain of impossible-to-resolve