diff options
| author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2019-01-15 19:07:22 (GMT) |
|---|---|---|
| committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2019-01-15 19:07:22 (GMT) |
| commit | f4138013dbc6851e968ea3d37b32776538ef306b (patch) | |
| tree | 0d79619ad34017f065033cd0ba13de16748437ef /src/H5Ocache.c | |
| parent | dadf2b5fd8689e15ee5d28c74a5956391e914809 (diff) | |
| download | hdf5-f4138013dbc6851e968ea3d37b32776538ef306b.zip hdf5-f4138013dbc6851e968ea3d37b32776538ef306b.tar.gz hdf5-f4138013dbc6851e968ea3d37b32776538ef306b.tar.bz2 | |
Fixed HDFFV-10578
Description:
- HDFFV-10578 - CVE-2018-17234 Memory leak in H5O__chunk_deserialize()
Actually, the leak was in h5tools_util. Applied Neil's fix.
- Changed an assert to if/HGOTO_ERROR to fail gracefully.
Platforms tested:
Linux/64 (jelly)
Linux/64 (platypus)
Darwin (osx1010test)
Diffstat (limited to 'src/H5Ocache.c')
| -rw-r--r-- | src/H5Ocache.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/H5Ocache.c b/src/H5Ocache.c index 1d69028..1fa4b10 100644 --- a/src/H5Ocache.c +++ b/src/H5Ocache.c @@ -1390,7 +1390,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image /* Message size */ UINT16DECODE(chunk_image, mesg_size); - HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size)); + if(mesg_size != H5O_ALIGN_OH(oh, mesg_size)) + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned") /* Message flags */ flags = *chunk_image++; |