diff options
author | Dana Robinson <43805+derobins@users.noreply.github.com> | 2021-04-29 11:57:02 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-29 11:57:02 (GMT) |
commit | 138bc52facad0e6be4cfd13a860bb628c1dfd626 (patch) | |
tree | 8fc9c29e5cfbbbf05293f3a0c34d65e55fe82bcd /src/H5FDlog.c | |
parent | 00dc456cec2a6820bbb05d8a9a2f1967bf30f7e8 (diff) | |
download | hdf5-138bc52facad0e6be4cfd13a860bb628c1dfd626.zip hdf5-138bc52facad0e6be4cfd13a860bb628c1dfd626.tar.gz hdf5-138bc52facad0e6be4cfd13a860bb628c1dfd626.tar.bz2 |
Fix for a segfault when H5Pset_fapl_log is passed an invalid fapl ID (#607)
* Committing clang-format changes
* Fixes an issue where H5Pset_fapl_log sefaults when passed an invalid
fapl ID
This was due to a pointer-containing struct being memset after the first
internal API call. If the first call failed, the error condition would
check if the pointer was not NULL and then attempt to free it if not.
This would lead to the freeing of a wild pointer if an invalid fapl ID
were passed in.
This was fixed by reordering the memset and adding a test to ensure the
problem stays fixed.
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Diffstat (limited to 'src/H5FDlog.c')
-rw-r--r-- | src/H5FDlog.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/H5FDlog.c b/src/H5FDlog.c index 57902b6..707c97b 100644 --- a/src/H5FDlog.c +++ b/src/H5FDlog.c @@ -328,12 +328,15 @@ H5Pset_fapl_log(hid_t fapl_id, const char *logfile, unsigned long long flags, si FUNC_ENTER_API(FAIL) H5TRACE4("e", "i*sULz", fapl_id, logfile, flags, buf_size); + /* Do this first, so that we don't try to free a wild pointer if + * H5P_object_verify() fails. + */ + HDmemset(&fa, 0, sizeof(H5FD_log_fapl_t)); + /* Check arguments */ if (NULL == (plist = H5P_object_verify(fapl_id, H5P_FILE_ACCESS))) HGOTO_ERROR(H5E_ARGS, H5E_BADTYPE, FAIL, "not a file access property list") - HDmemset(&fa, 0, sizeof(H5FD_log_fapl_t)); - /* Duplicate the log file string * A little wasteful, since this string will just be copied later, but * passing it in as a pointer sets off a chain of impossible-to-resolve |