diff options
| author | bmribler <39579120+bmribler@users.noreply.github.com> | 2020-12-16 13:45:45 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-16 13:45:45 (GMT) |
| commit | a84a29566c22ab46146f8127ea4289937c59c526 (patch) | |
| tree | eccf06cdf63cd9855892307d92d5f2682c17ddff /src/H5O.c | |
| parent | c7ddc1cf954324867410a9c1b7d2caa63706165d (diff) | |
| download | hdf5-a84a29566c22ab46146f8127ea4289937c59c526.zip hdf5-a84a29566c22ab46146f8127ea4289937c59c526.tar.gz hdf5-a84a29566c22ab46146f8127ea4289937c59c526.tar.bz2 | |
Hdf5 1 8 (#169)
* Fixed HDFFV-10480 and HDFFV-11159
Description
Checked against buffer size to prevent segfault, in case of data corruption.
+ HDFFV-11159 CVE-2018-14033 Buffer over-read in H5O_layout_decode
+ HDFFV-10480 CVE-2018-11206 Buffer over-read in H5O_fill_new[/old]_decode and
A user's patch was applied to this previously, but it is redone
for a more correct fix, that is the check now accounted for the
previous advance of the buffer pointer.
Platforms tested:
Linux/64 (jelly)
* Fixed typo
* Fixed HDFFV-11150
Description
Replaced an HDassert with a check for null pointer in H5O_dec_rc() to
catch null pointer in corrupted data situation.
Reversed the fix in svn-r24463 in which a check for null pointer prior
to calling H5O_dec_rc()
Platforms tested:
Linux/64 (jelly)
Diffstat (limited to 'src/H5O.c')
| -rw-r--r-- | src/H5O.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -3345,7 +3345,8 @@ H5O_dec_rc(H5O_t *oh) FUNC_ENTER_NOAPI(FAIL) /* check args */ - HDassert(oh); + if (!oh) + HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "no name") /* Decrement reference count */ oh->rc--; |