diff options
| author | Neil Fortner <nfortne2@hdfgroup.org> | 2019-01-08 01:30:26 (GMT) |
|---|---|---|
| committer | Neil Fortner <nfortne2@hdfgroup.org> | 2019-01-08 01:30:26 (GMT) |
| commit | 9c12b625fd092bc3e87eb21f1fa554951ff4bdd8 (patch) | |
| tree | 594691f1485f6a68f3c70ffcb438c9f7a02076b5 /src/H5Ocache.c | |
| parent | d9b1ec3ce8672cd9c308f72baedc8a6f7bb9474c (diff) | |
| parent | 685288beabc4f4383d69ec07be05c067fab78544 (diff) | |
| download | hdf5-9c12b625fd092bc3e87eb21f1fa554951ff4bdd8.zip hdf5-9c12b625fd092bc3e87eb21f1fa554951ff4bdd8.tar.gz hdf5-9c12b625fd092bc3e87eb21f1fa554951ff4bdd8.tar.bz2 | |
Merge pull request #1448 in HDFFV/hdf5 from ~NFORTNE2/hdf5_naf:develop to develop
Avoid potential invalid read when decoding unknown object header message.
* commit '685288beabc4f4383d69ec07be05c067fab78544':
Delay checking if decoded message's "shareable" flag is appropriate for the message type until we've verified we understand the message type. Reduce size of H5O_msg_class_g to *not* include space for H5O_BOGUS_INVALID. Make bogus messages shareable. Add new bogus message test with shareable messages to cover the formerly problematic code. Re-run gen_bogus.c to add this test case and also to fix the bogus_invalid messages that were no longer H5O_BOGUS_INVLAID due to a new message class being added in a previous commit. Added comment to remind developers to run gen_bogus.c when adding a new message class.
Diffstat (limited to 'src/H5Ocache.c')
| -rw-r--r-- | src/H5Ocache.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/H5Ocache.c b/src/H5Ocache.c index fba4f6e..23c38b9 100644 --- a/src/H5Ocache.c +++ b/src/H5Ocache.c @@ -1402,10 +1402,9 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message") if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN)) HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message") - if((flags & H5O_MSG_FLAG_SHAREABLE) - && H5O_msg_class_g[id] - && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE)) - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message of unsharable class flagged as sharable") + /* Delay checking the "shareable" flag until we've made sure id + * references a valid message class that this version of the library + * knows about */ /* Reserved bytes/creation index */ if(oh->version == H5O_VERSION_1) @@ -1517,9 +1516,17 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image mesgs_modified = TRUE; } /* end if */ } /* end if */ - else + else { + /* Check for message of unshareable class marked as "shareable" + */ + if((flags & H5O_MSG_FLAG_SHAREABLE) + && H5O_msg_class_g[id] + && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE)) + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message of unshareable class flagged as shareable") + /* Set message class for "known" messages */ mesg->type = H5O_msg_class_g[id]; + } /* end else */ /* Do some inspection/interpretation of new messages from this chunk */ /* (detect continuation messages, ref. count messages, etc.) */ |