diff options
author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2019-01-09 00:59:22 (GMT) |
---|---|---|
committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2019-01-09 00:59:22 (GMT) |
commit | 56b32278c4425afd8407f5b55310beed5c957d6a (patch) | |
tree | bc9ece55c0905e3ceb6cbf5797764921e0438d5f /src/H5Ocache.c | |
parent | 44a67451be8dfc4f7b2bede29f2b8bf865ac1787 (diff) | |
parent | 90d13bef33f9e2e80b23996a0c39f16f7c34ecf8 (diff) | |
download | hdf5-56b32278c4425afd8407f5b55310beed5c957d6a.zip hdf5-56b32278c4425afd8407f5b55310beed5c957d6a.tar.gz hdf5-56b32278c4425afd8407f5b55310beed5c957d6a.tar.bz2 |
Merge pull request #1441 in HDFFV/hdf5 from ~BMRIBLER/hdf5_bmr_fixbug:develop to develop
* commit '90d13bef33f9e2e80b23996a0c39f16f7c34ecf8':
Fixed typo Platforms tested: Darwin (osx1010test)
Refixed HDFFV-10578 Description: Applied Neil's fix for this issue after removing previous attempt. The resources are now released in init_objs() when failure occurs there. Neil will fix HDFFV-10676 separately. Platforms tested: Linux/64 (jelly) Linux/64 (platypus) Darwin (osx1010test)
Removed previous change in H5O__chunk_deserialize().
Removed the previous change in H5O__chunk_deserialize()
Removed previous change in table_list_add().
Removed the previous change in table_list_add()
Updated per review Description: HDFFV-10676 - CVE-2018-13873 Changed the new assert to if statement, per Dana's comment. Platforms tested: Linux/64 (jelly)
HDFFV-10578 and HDFFV-10676 Description: HDFFV-10578 - CVE-2018-17234 The file has some issue, however, there was a bug in h5dump that caused memory leaks after the problem in the file was encountered. The bug was that an if statement was missing in the function table_list_add() resulting in the memory not being freed at a later time. After the fix had been applied, there were no more leaks after h5dump detected the issue in the file and reported the error.
Diffstat (limited to 'src/H5Ocache.c')
-rw-r--r-- | src/H5Ocache.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/H5Ocache.c b/src/H5Ocache.c index 23c38b9..578cff0 100644 --- a/src/H5Ocache.c +++ b/src/H5Ocache.c @@ -1390,7 +1390,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image /* Message size */ UINT16DECODE(chunk_image, mesg_size); - HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size)); + if(mesg_size != H5O_ALIGN_OH(oh, mesg_size)) + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned") /* Message flags */ flags = *chunk_image++; |