summaryrefslogtreecommitdiffstats
path: root/src/H5Oattr.c
diff options
context:
space:
mode:
authorBinh-Minh Ribler <bmribler@hdfgroup.org>2020-06-19 15:53:32 (GMT)
committerBinh-Minh Ribler <bmribler@hdfgroup.org>2020-06-19 15:53:32 (GMT)
commitc12da4884f18dda4c9dbc23efd10eb053ec7cf0d (patch)
treee71fd3771e13aff44085f52d6baa7985a379ae5b /src/H5Oattr.c
parentd20000ec51d50b66fc1226eeb656b8dc1358f826 (diff)
downloadhdf5-c12da4884f18dda4c9dbc23efd10eb053ec7cf0d.zip
hdf5-c12da4884f18dda4c9dbc23efd10eb053ec7cf0d.tar.gz
hdf5-c12da4884f18dda4c9dbc23efd10eb053ec7cf0d.tar.bz2
Fix HDFFV-10591
Description: h52gif produced a segfault when a buffer overflow occurred because the data size was corrupted and became very large. This commit added a check on the data size against the buffer size to prevent the segfault. It also added error reporting to h52gif to display an error message instead of silently exiting when the failure occurred. Platforms tested: Linux/64 (jelly) SunOS 5.11 (emu)
Diffstat (limited to 'src/H5Oattr.c')
-rw-r--r--src/H5Oattr.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/H5Oattr.c b/src/H5Oattr.c
index aeaebea..e38ef5c 100644
--- a/src/H5Oattr.c
+++ b/src/H5Oattr.c
@@ -238,6 +238,11 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags,
/* Go get the data */
if(attr->shared->data_size) {
+ /* Ensure that data size doesn't exceed buffer size, in case of
+ it's being corrupted in the file */
+ if(attr->shared->data_size > p_size)
+ HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds buffer size")
+
if(NULL == (attr->shared->data = H5FL_BLK_MALLOC(attr_buf, attr->shared->data_size)))
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
H5MM_memcpy(attr->shared->data, p, attr->shared->data_size);