diff options
| author | Dana Robinson <43805+derobins@users.noreply.github.com> | 2021-05-28 14:10:51 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-28 14:10:51 (GMT) |
| commit | 2ddf5fbd92ebdb0d59e208d88f159eec8a1ffbf8 (patch) | |
| tree | 40975e0846d101360a838d42e16f4687fed77f4a /src/H5Osdspace.c | |
| parent | e22687912dbc6fcf4fff57e86e2cd5d75c81f81e (diff) | |
| download | hdf5-2ddf5fbd92ebdb0d59e208d88f159eec8a1ffbf8.zip hdf5-2ddf5fbd92ebdb0d59e208d88f159eec8a1ffbf8.tar.gz hdf5-2ddf5fbd92ebdb0d59e208d88f159eec8a1ffbf8.tar.bz2 | |
Much normalization with develop (#701)
* Brings CMake updates from develop
* Brings reduction in pedantic casts from develop
* Purges UFAIL from the library (#637)
* Committing clang-format changes
* Purges UFAIL from the library
* H5HL_insert change requested in PR
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* Removes gratuitous (double)x.yF casts (#632)
* Committing clang-format changes
* Removes gratuitous (double)x.yF casts
* Committing clang-format changes
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* Committing clang-format changes
* Cleans up a const warning left over from previous constification (#633)
* Committing clang-format changes
* Adds consts to a few global variables
* Cleans up a const warning left over from previous constification
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
* Formatted source
* Bring over some VOL registration changes
* VOL cleanup
* H5VL_request_status_t substitutions
* H5F.c cleanup
* Minor API tweaks from develop
* Moves H5G package init/teardown to H5Gint.c
* H5G cleanup
* H5M cleanup
* H5SM cleanup
* H5T cleanup
* H5R cleanup
* H5Lpublic.h cleanup
* H5L cleanup
* H5O cleanup
* H5A, H5CS, and H5AC cleanup
* Moved H5A init/teardown code to H5Aint.c
* Moves H5D I/O functions to H5D.c
* H5D cleanup
* Misc minor cleanup
* H5P close cleanup
* H5Tpublic.h cleanup
* Fixes err_compat test
* H5PLpublic.h cleanup
* Updates H5Ppublic.h
* H5Fpublic.h updates
* H5A.c cleanup
* Brings over H5Aexists and related changes
* Brings CMake shell testing changes from develop
* Close callback changes
* H5R and H5Tcommit normalization
* err_compat test works now
* H5O tweaks
* Updates VOL registration code
* Brings over H5VL_create_object
* H5Tconv.c reformatting
* H5T.c tweaks
* Brings datatype and reference updates from develop
* Brings VOL plugin loading changes from develop
* Brings event sets from develop
* Brings async functions over
* Tools changes
* Brings over many tools changes from develop
* Brings VOL flags from develop
* Fixes h5dump double/float tests
* Updates h5repack tests
* Brings h5diff test changes from develop
* Last h5dump changes
* Brings test changes from develop
* Committing clang-format changes
* Tidied h5_testing()
* Brings chunk iteration code + misc from develop
* Updates vds test
* Enables external link parallel test
* Brings updated property lists from develop
* H5G changes from develop
* H5MF cleanup
* Brings vfd_swmr test back into CMake
* Updates threadsafe test
* Updates plist test
* Brings recent changes from develop
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Diffstat (limited to 'src/H5Osdspace.c')
| -rw-r--r-- | src/H5Osdspace.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c index 2cdf6ec..dab989f 100644 --- a/src/H5Osdspace.c +++ b/src/H5Osdspace.c @@ -106,12 +106,13 @@ H5FL_ARR_EXTERN(hsize_t); --------------------------------------------------------------------------*/ static void * H5O__sdspace_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, - unsigned H5_ATTR_UNUSED *ioflags, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + unsigned H5_ATTR_UNUSED *ioflags, size_t p_size, const uint8_t *p) { - H5S_extent_t *sdim = NULL; /* New extent dimensionality structure */ - unsigned flags, version; - unsigned i; /* Local counting variable */ - void * ret_value = NULL; /* Return value */ + H5S_extent_t * sdim = NULL; /* New extent dimensionality structure */ + unsigned flags, version; + unsigned i; /* Local counting variable */ + const uint8_t *p_end = p + p_size - 1; /* End of the p buffer */ + void * ret_value = NULL; /* Return value */ FUNC_ENTER_STATIC @@ -161,6 +162,13 @@ H5O__sdspace_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UN /* Decode dimension sizes */ if (sdim->rank > 0) { + /* Ensure that rank doesn't cause reading passed buffer's end, + due to possible data corruption */ + uint8_t sizeof_size = H5F_SIZEOF_SIZE(f); + if (p + (sizeof_size * sdim->rank - 1) > p_end) { + HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "rank might cause reading passed buffer's end") + } + if (NULL == (sdim->size = (hsize_t *)H5FL_ARR_MALLOC(hsize_t, (size_t)sdim->rank))) HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") @@ -170,6 +178,11 @@ H5O__sdspace_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UN if (flags & H5S_VALID_MAX) { if (NULL == (sdim->max = (hsize_t *)H5FL_ARR_MALLOC(hsize_t, (size_t)sdim->rank))) HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + + /* Ensure that rank doesn't cause reading passed buffer's end */ + if (p + (sizeof_size * sdim->rank - 1) > p_end) + HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "rank might cause reading passed buffer's end") + for (i = 0; i < sdim->rank; i++) H5F_DECODE_LENGTH(f, p, sdim->max[i]); } /* end if */ |