author | Alex <aleksandrosansan@gmail.com> | 2023-08-23 19:35:06 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-08-23 19:35:06 (GMT) |
commit | 0b2e11d5c02303bcc3e762bb843a1d056258eac8 (patch) | |
tree | 18b18e80d80d58bfe6cace49a353f7bf2714be56 /src | |
parent | e1602a287b0f9520f5e92f65263359b5f04ebce7 (diff) | |
Fix Heap-buffer-overflow WRITE in H5MM_memcpy (#3368)
Diffstat (limited to 'src')
-rw-r--r-- | src/H5Oalloc.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/H5Oalloc.c b/src/H5Oalloc.c
index 16bbab8..5e80685 100644
--- a/src/H5Oalloc.c
+++ b/src/H5Oalloc.c
@@ -946,6 +946,9 @@ H5O__alloc_chunk(H5F_t *f, H5O_t *oh, size_t size, size_t found_null, const H5O_
 else {
 assert(curr_msg->type->id != H5O_CONT_ID);
+ if (size < curr_msg->raw_size + (size_t)H5O_SIZEOF_MSGHDR_OH(oh))
+ HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, FAIL, "invalid size");
+
 /* Copy the raw data */
 H5MM_memcpy(p, curr_msg->raw - (size_t)H5O_SIZEOF_MSGHDR_OH(oh),
 curr_msg->raw_size + (size_t)H5O_SIZEOF_MSGHDR_OH(oh)); |
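Review bot: The guard added ahead of `H5MM_memcpy` bounds the copy by `size`, but the hunk does not show that `size` is the number of bytes still free at `p`; if `p` is advanced anywhere in `H5O__alloc_chunk` without `size` being reduced by the same amount (the body starts and ends outside this hunk, so this is unverified here), the check would still admit a copy that runs past the new chunk image. Please confirm that invariant and state it above the check, e.g. `/* size = bytes left at p; raw_size may come from a corrupt file */`. The sum `curr_msg->raw_size + (size_t)H5O_SIZEOF_MSGHDR_OH(oh)` is computed in `size_t` and could wrap if `raw_size` is ever very large, so the subtraction form `if (size < (size_t)H5O_SIZEOF_MSGHDR_OH(oh) || size - (size_t)H5O_SIZEOF_MSGHDR_OH(oh) < curr_msg->raw_size)` is the safer way to write it. The message `"invalid size"` would be easier to triage if it named the condition, for instance `"message does not fit in new object header chunk"`.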