Prevent buffer overrun in H5S_select_deserialize (#2953)

author: mattjala <124107509+mattjala@users.noreply.github.com> 2023-05-16 17:54:55 (GMT)
committer: GitHub <noreply@github.com> 2023-05-16 17:54:55 (GMT)
commit: 196078958c0c48f63aa8202e9447f3c75c98c26a (patch)
tree: a89a00c90eed0ac070afcd4db99586b50c98c545 /src/H5S.c
parent: f49a728a08ddc6f9915fd846aed1bc5f28978e64 (diff)
download: hdf5-196078958c0c48f63aa8202e9447f3c75c98c26a.zip
hdf5-196078958c0c48f63aa8202e9447f3c75c98c26a.tar.gz
hdf5-196078958c0c48f63aa8202e9447f3c75c98c26a.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/src/H5S.c b/src/H5S.c
index 70580b4..b0f9dbf 100644
--- a/src/H5S.c
+++ b/src/H5S.c
@@ -1654,9 +1654,10 @@ H5S_decode(const unsigned char **p)
     if (H5S_select_all(ds, FALSE) < 0)
         HGOTO_ERROR(H5E_DATASPACE, H5E_CANTSET, NULL, "unable to set all selection")
 
-    /* Decode the select part of dataspace.  I believe this part always exists. */
+    /* Decode the select part of dataspace.
+     *  Because size of buffer is unknown, assume arbitrarily large buffer to allow decoding. */
     *p = pp;
-    if (H5S_SELECT_DESERIALIZE(&ds, p) < 0)
+    if (H5S_SELECT_DESERIALIZE(&ds, p, SIZE_MAX) < 0)
         HGOTO_ERROR(H5E_DATASPACE, H5E_CANTDECODE, NULL, "can't decode space selection")
 
     /* Set return value */
author	mattjala <124107509+mattjala@users.noreply.github.com>	2023-05-16 17:54:55 (GMT)
committer	GitHub <noreply@github.com>	2023-05-16 17:54:55 (GMT)
commit	196078958c0c48f63aa8202e9447f3c75c98c26a (patch)
tree	a89a00c90eed0ac070afcd4db99586b50c98c545 /src/H5S.c
parent	f49a728a08ddc6f9915fd846aed1bc5f28978e64 (diff)
download	hdf5-196078958c0c48f63aa8202e9447f3c75c98c26a.zip hdf5-196078958c0c48f63aa8202e9447f3c75c98c26a.tar.gz hdf5-196078958c0c48f63aa8202e9447f3c75c98c26a.tar.bz2