Prevent buffer overrun in H5S_select_deserialize (#2963)

author: mattjala <124107509+mattjala@users.noreply.github.com> 2023-05-21 03:52:00 (GMT)
committer: GitHub <noreply@github.com> 2023-05-21 03:52:00 (GMT)
commit: 2eec25110a846baa5707d779c034f14af00e2af4 (patch)
tree: 88158de426835483f08071cd7dbc4d632a1f5128 /src/H5S.c
parent: 4bb3cad3823c107dbc24479d9879fcd4adeab9f3 (diff)
download: hdf5-2eec25110a846baa5707d779c034f14af00e2af4.zip
hdf5-2eec25110a846baa5707d779c034f14af00e2af4.tar.gz
hdf5-2eec25110a846baa5707d779c034f14af00e2af4.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/src/H5S.c b/src/H5S.c
index d9d4cae..8dbc9a1 100644
--- a/src/H5S.c
+++ b/src/H5S.c
@@ -1672,9 +1672,10 @@ H5S_decode(const unsigned char **p)
     if (H5S_select_all(ds, FALSE) < 0)
         HGOTO_ERROR(H5E_DATASPACE, H5E_CANTSET, NULL, "unable to set all selection")
 
-    /* Decode the select part of dataspace.  I believe this part always exists. */
+    /* Decode the select part of dataspace.
+     *  Because size of buffer is unknown, assume arbitrarily large buffer to allow decoding. */
     *p = pp;
-    if (H5S_SELECT_DESERIALIZE(&ds, p) < 0)
+    if (H5S_SELECT_DESERIALIZE(&ds, p, SIZE_MAX) < 0)
         HGOTO_ERROR(H5E_DATASPACE, H5E_CANTDECODE, NULL, "can't decode space selection")
 
     /* Set return value */
author	mattjala <124107509+mattjala@users.noreply.github.com>	2023-05-21 03:52:00 (GMT)
committer	GitHub <noreply@github.com>	2023-05-21 03:52:00 (GMT)
commit	2eec25110a846baa5707d779c034f14af00e2af4 (patch)
tree	88158de426835483f08071cd7dbc4d632a1f5128 /src/H5S.c
parent	4bb3cad3823c107dbc24479d9879fcd4adeab9f3 (diff)
download	hdf5-2eec25110a846baa5707d779c034f14af00e2af4.zip hdf5-2eec25110a846baa5707d779c034f14af00e2af4.tar.gz hdf5-2eec25110a846baa5707d779c034f14af00e2af4.tar.bz2