author | Egbert Eich <eich@suse.com> | 2022-12-02 20:24:14 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-02 20:24:14 (GMT) |
commit | 24700e8f0607e9a3782c843528e2c5a892d4d6f6 (patch) | |
tree | cf12df8269a0ba0f384921b257c0d7d36dcb6a12 /src/hdf5.lnt | |
parent | 88b24c258b8d938ab19eb015d019162bd66d5be6 (diff) | |
download | hdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.zip hdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.tar.gz hdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.tar.bz2 |
CVE 2021 46242 develop (#2255)
* When evicting driver info block, NULL the corresponding entry
Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag
H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing the
pointer in f->shared->drvinfo will prevent use-after-free when it is used in other
functions (like H5F__dest()) - as other places will check whether the pointer is
initialized before using its value.
This fixes CVE-2021-46242 / Bug #2254
Signed-off-by: Egbert Eich <eich@suse.com>
* When evicting the superblock, NULL the corresponding entry
The call to H5AC_expunge_entry() will free the corresponding structure;
to avoid a use-after-free, the corresponding pointer entry will be NULLed.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.com>
Diffstat (limited to 'src/hdf5.lnt')
0 files changed, 0 insertions, 0 deletions
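The pattern the commit message describes, as an added C model that is not code from the HDF5 source: an eviction releases a cached entry while its owner still holds the pointer, and clearing that pointer is what lets a NULL-checking teardown skip it. All names (`entry_t`, `shared_t`, `cache_expunge`, `evict_drvinfo`, `teardown`, `scenario`) are hypothetical stand-ins, and a static slot with a `live` flag replaces the heap so the stale pointer can be inspected safely.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a cache entry and the file's shared state. */
typedef struct { bool live; } entry_t;
typedef struct { entry_t *drvinfo; } shared_t;

/* One static slot replaces the heap so a stale pointer can be inspected
 * without undefined behaviour; live == false models "already freed". */
static entry_t slot;

static entry_t *cache_load(void) { slot.live = true; return &slot; }

/* Models an expunge that also invalidates: the entry is released. */
static void cache_expunge(entry_t *e) { e->live = false; }

/* Evict the entry; with null_owner set, also clear the owner's pointer. */
static void evict_drvinfo(shared_t *s, bool null_owner) {
    cache_expunge(s->drvinfo);
    if (null_owner)
        s->drvinfo = NULL;
}

/* Teardown guards only on NULL, as the message says other callers do.
 * Returns 1 if it would have touched a released entry, else 0. */
static int teardown(shared_t *s) {
    if (s->drvinfo == NULL)
        return 0;                 /* nothing to release */
    if (!s->drvinfo->live)
        return 1;                 /* dangling pointer: use-after-free */
    cache_expunge(s->drvinfo);    /* normal release path */
    s->drvinfo = NULL;
    return 0;
}

/* Run one scenario and report whether teardown hit a stale entry. */
static int scenario(bool evict, bool null_owner) {
    shared_t s = { cache_load() };
    if (evict)
        evict_drvinfo(&s, null_owner);
    return teardown(&s);
}

int main(void) {
    printf("kept: %d, NULLed: %d\n", scenario(true, false), scenario(true, true));
    return 0;
}
```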