summaryrefslogtreecommitdiffstats
path: root/src/H5Oefl.c
diff options
context:
space:
mode:
authorVailin Choi <vchoi@jam.ad.hdfgroup.org>2017-08-22 06:36:20 (GMT)
committerVailin Choi <vchoi@jam.ad.hdfgroup.org>2017-09-06 03:49:54 (GMT)
commitccb68f709181942106eef92e3f39575add1792e6 (patch)
tree74782a9f6fc0d0fa02460c2368d4081fbea3cd63 /src/H5Oefl.c
parente964568753bcdca01af1bdc0d8b5ee6f4d314243 (diff)
downloadhdf5-ccb68f709181942106eef92e3f39575add1792e6.zip
hdf5-ccb68f709181942106eef92e3f39575add1792e6.tar.gz
hdf5-ccb68f709181942106eef92e3f39575add1792e6.tar.bz2
Fix for HDFFV-10216 segfault in H5G_node_cmp3 with corrupt h5 file
Fix H5HL_offset_into() to return error when offset exceeds heap data block size. Also fix other places that call this routine to detect error return.
Diffstat (limited to 'src/H5Oefl.c')
-rw-r--r--src/H5Oefl.c47
1 files changed, 24 insertions, 23 deletions
diff --git a/src/H5Oefl.c b/src/H5Oefl.c
index 1de3059..c4b1d96 100644
--- a/src/H5Oefl.c
+++ b/src/H5Oefl.c
@@ -67,17 +67,17 @@ const H5O_msg_class_t H5O_MSG_EFL[1] = {{
/*-------------------------------------------------------------------------
- * Function: H5O_efl_decode
+ * Function: H5O_efl_decode
*
* Purpose: Decode an external file list message and return a pointer to
- * the message (and some other data).
+ * the message (and some other data).
*
- * Return: Success: Ptr to a new message struct.
+ * Return: Success: Ptr to a new message struct.
*
- * Failure: NULL
+ * Failure: NULL
*
* Programmer: Robb Matzke
- * Tuesday, November 25, 1997
+ * Tuesday, November 25, 1997
*
* Modification:
* Raymond Lu
@@ -90,12 +90,12 @@ static void *
H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh,
unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p)
{
- H5O_efl_t *mesg = NULL;
- int version;
- const char *s = NULL;
- H5HL_t *heap;
- size_t u; /* Local index variable */
- void *ret_value; /* Return value */
+ H5O_efl_t *mesg = NULL;
+ int version;
+ const char *s = NULL;
+ H5HL_t *heap;
+ size_t u; /* Local index variable */
+ void *ret_value = NULL; /* Return value */
FUNC_ENTER_NOAPI_NOINIT
@@ -104,12 +104,12 @@ H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh,
HDassert(p);
if(NULL == (mesg = (H5O_efl_t *)H5MM_calloc(sizeof(H5O_efl_t))))
- HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
/* Version */
version = *p++;
if(version != H5O_EFL_VERSION)
- HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "bad version number for external file list message")
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "bad version number for external file list message")
/* Reserved */
p += 3;
@@ -141,24 +141,25 @@ H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh,
/* Decode the file list */
mesg->slot = (H5O_efl_entry_t *)H5MM_calloc(mesg->nalloc * sizeof(H5O_efl_entry_t));
if(NULL == mesg->slot)
- HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
if(NULL == (heap = H5HL_protect(f, dxpl_id, mesg->heap_addr, H5AC_READ)))
HGOTO_ERROR(H5E_SYM, H5E_NOTFOUND, NULL, "unable to read protect link value")
for(u = 0; u < mesg->nused; u++) {
- /* Name */
- H5F_DECODE_LENGTH (f, p, mesg->slot[u].name_offset);
+ /* Name */
+ H5F_DECODE_LENGTH (f, p, mesg->slot[u].name_offset);
- s = (const char *)H5HL_offset_into(heap, mesg->slot[u].name_offset);
- HDassert(s && *s);
- mesg->slot[u].name = H5MM_xstrdup (s);
+ if((s = (const char *)H5HL_offset_into(heap, mesg->slot[u].name_offset)) == NULL)
+ HGOTO_ERROR(H5E_SYM, H5E_CANTGET, NULL, "unable to get external file name")
+ HDassert(s && *s);
+ mesg->slot[u].name = H5MM_xstrdup (s);
HDassert(mesg->slot[u].name);
- /* File offset */
- H5F_DECODE_LENGTH (f, p, mesg->slot[u].offset);
+ /* File offset */
+ H5F_DECODE_LENGTH (f, p, mesg->slot[u].offset);
- /* Size */
- H5F_DECODE_LENGTH (f, p, mesg->slot[u].size);
+ /* Size */
+ H5F_DECODE_LENGTH (f, p, mesg->slot[u].size);
} /* end for */
if(H5HL_unprotect(heap) < 0)