diff options
author | Vailin Choi <vchoi@jam.ad.hdfgroup.org> | 2017-08-22 06:36:20 (GMT) |
---|---|---|
committer | Vailin Choi <vchoi@jam.ad.hdfgroup.org> | 2017-09-06 03:49:54 (GMT) |
commit | ccb68f709181942106eef92e3f39575add1792e6 (patch) | |
tree | 74782a9f6fc0d0fa02460c2368d4081fbea3cd63 /src/H5Oefl.c | |
parent | e964568753bcdca01af1bdc0d8b5ee6f4d314243 (diff) | |
download | hdf5-ccb68f709181942106eef92e3f39575add1792e6.zip hdf5-ccb68f709181942106eef92e3f39575add1792e6.tar.gz hdf5-ccb68f709181942106eef92e3f39575add1792e6.tar.bz2 |
Fix for HDFFV-10216 segfault in H5G_node_cmp3 with corrupt h5 file
Fix H5HL_offset_into() to return error when offset exceeds heap data block size.
Also fix other places that call this routine to detect error return.
Diffstat (limited to 'src/H5Oefl.c')
-rw-r--r-- | src/H5Oefl.c | 47 |
1 files changed, 24 insertions, 23 deletions
diff --git a/src/H5Oefl.c b/src/H5Oefl.c index 1de3059..c4b1d96 100644 --- a/src/H5Oefl.c +++ b/src/H5Oefl.c @@ -67,17 +67,17 @@ const H5O_msg_class_t H5O_MSG_EFL[1] = {{ /*------------------------------------------------------------------------- - * Function: H5O_efl_decode + * Function: H5O_efl_decode * * Purpose: Decode an external file list message and return a pointer to - * the message (and some other data). + * the message (and some other data). * - * Return: Success: Ptr to a new message struct. + * Return: Success: Ptr to a new message struct. * - * Failure: NULL + * Failure: NULL * * Programmer: Robb Matzke - * Tuesday, November 25, 1997 + * Tuesday, November 25, 1997 * * Modification: * Raymond Lu @@ -90,12 +90,12 @@ static void * H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) { - H5O_efl_t *mesg = NULL; - int version; - const char *s = NULL; - H5HL_t *heap; - size_t u; /* Local index variable */ - void *ret_value; /* Return value */ + H5O_efl_t *mesg = NULL; + int version; + const char *s = NULL; + H5HL_t *heap; + size_t u; /* Local index variable */ + void *ret_value = NULL; /* Return value */ FUNC_ENTER_NOAPI_NOINIT @@ -104,12 +104,12 @@ H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, HDassert(p); if(NULL == (mesg = (H5O_efl_t *)H5MM_calloc(sizeof(H5O_efl_t)))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") /* Version */ version = *p++; if(version != H5O_EFL_VERSION) - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "bad version number for external file list message") + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "bad version number for external file list message") /* Reserved */ p += 3; @@ -141,24 +141,25 @@ H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, /* Decode the file list */ mesg->slot = (H5O_efl_entry_t *)H5MM_calloc(mesg->nalloc * sizeof(H5O_efl_entry_t)); if(NULL == mesg->slot) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") if(NULL == (heap = H5HL_protect(f, dxpl_id, mesg->heap_addr, H5AC_READ))) HGOTO_ERROR(H5E_SYM, H5E_NOTFOUND, NULL, "unable to read protect link value") for(u = 0; u < mesg->nused; u++) { - /* Name */ - H5F_DECODE_LENGTH (f, p, mesg->slot[u].name_offset); + /* Name */ + H5F_DECODE_LENGTH (f, p, mesg->slot[u].name_offset); - s = (const char *)H5HL_offset_into(heap, mesg->slot[u].name_offset); - HDassert(s && *s); - mesg->slot[u].name = H5MM_xstrdup (s); + if((s = (const char *)H5HL_offset_into(heap, mesg->slot[u].name_offset)) == NULL) + HGOTO_ERROR(H5E_SYM, H5E_CANTGET, NULL, "unable to get external file name") + HDassert(s && *s); + mesg->slot[u].name = H5MM_xstrdup (s); HDassert(mesg->slot[u].name); - /* File offset */ - H5F_DECODE_LENGTH (f, p, mesg->slot[u].offset); + /* File offset */ + H5F_DECODE_LENGTH (f, p, mesg->slot[u].offset); - /* Size */ - H5F_DECODE_LENGTH (f, p, mesg->slot[u].size); + /* Size */ + H5F_DECODE_LENGTH (f, p, mesg->slot[u].size); } /* end for */ if(H5HL_unprotect(heap) < 0) |