diff options
author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2020-10-26 18:04:35 (GMT) |
---|---|---|
committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2020-10-26 18:04:35 (GMT) |
commit | 273c0c18368e5e54d61467e9e5b70e6fd87981c5 (patch) | |
tree | c833ab2f1b28d4a8ad0b5687390201fc6c013abc /src/H5Osdspace.c | |
parent | a4269a08b91e794c1de4058348e076be9fef657e (diff) | |
download | hdf5-273c0c18368e5e54d61467e9e5b70e6fd87981c5.zip hdf5-273c0c18368e5e54d61467e9e5b70e6fd87981c5.tar.gz hdf5-273c0c18368e5e54d61467e9e5b70e6fd87981c5.tar.bz2 |
Fix HDFFV-10590
Description
This is to fix the CVE issue CVE-2018-17432.
h5repack produced a segfault on a corrupted file. This fix modified the
dataspace encode and decode functions per Quincey's suggestion to prevent
the segfault and h5repack only failed for the corrupted file now.
Platforms tested:
Linux/64 (jelly)
Diffstat (limited to 'src/H5Osdspace.c')
-rw-r--r-- | src/H5Osdspace.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c index e3ec4b0..83702eb 100644 --- a/src/H5Osdspace.c +++ b/src/H5Osdspace.c @@ -140,7 +140,7 @@ H5O__sdspace_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UN /* Get or determine the type of the extent */ if (version >= H5O_SDSPACE_VERSION_2) { sdim->type = (H5S_class_t)*p++; - if(sdim->type != H5S_SIMPLE && sdim->rank > 0) + if (sdim->type != H5S_SIMPLE && sdim->rank > 0) HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "invalid rank for scalar or NULL dataspace") } /* end if */ else { @@ -252,16 +252,16 @@ H5O__sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg) } /* end else */ /* Encode dataspace dimensions for simple dataspaces */ - if(H5S_SIMPLE == sdim->type) { + if (H5S_SIMPLE == sdim->type) { /* Encode current & maximum dimensions */ - if(sdim->rank > 0) { - for(u = 0; u < sdim->rank; u++) + if (sdim->rank > 0) { + for (u = 0; u < sdim->rank; u++) H5F_ENCODE_LENGTH(f, p, sdim->size[u]); - if(flags & H5S_VALID_MAX) - for(u = 0; u < sdim->rank; u++) + if (flags & H5S_VALID_MAX) + for (u = 0; u < sdim->rank; u++) H5F_ENCODE_LENGTH(f, p, sdim->max[u]); } /* end if */ - } /* end if */ + } /* end if */ FUNC_LEAVE_NOAPI(SUCCEED) } /* end H5O__sdspace_encode() */ |