diff options
author | Egbert Eich <eich@suse.com> | 2022-12-02 05:04:42 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-02 05:04:42 (GMT) |
commit | 4e0277c35a5a6e8eb84058a905efa06bb3915985 (patch) | |
tree | 08e110d8f92bdd3ecdb41ed42c075667e2b27145 /src/H5Gdeprec.c | |
parent | 96a4e101023d0926f714e2dbec2e4ffca45abc16 (diff) | |
download | hdf5-4e0277c35a5a6e8eb84058a905efa06bb3915985.zip hdf5-4e0277c35a5a6e8eb84058a905efa06bb3915985.tar.gz hdf5-4e0277c35a5a6e8eb84058a905efa06bb3915985.tar.bz2 |
Report error if dimensions of chunked storage in data layout < 2 (#2241)
For Data Layout Messages version 1 & 2 the specification state
that the value stored in the data field is 1 greater than the
number of dimensions in the dataspace. For version 3 this is
not explicitly stated but the implementation suggests it to be
the case.
Thus the set value needs to be at least 2. For dimensionality
< 2 an out-of-bounds access occurs as in CVE-2021-45833.
This fixes CVE-2021-45833 / Bug #2240.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.com>
Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
Diffstat (limited to 'src/H5Gdeprec.c')
0 files changed, 0 insertions, 0 deletions