Fix HDFFV-10591

Description:
    h52gif produced a segfault when a buffer overflow occurred because
    the data size was corrupted and became very large.  This commit added
    a check on the data size against the buffer size to prevent the segfault.
    It also added error reporting to h52gif to display an error message
    instead of silently exiting when the failure occurred.
Platforms tested:
    Linux/64 (jelly)
    SunOS 5.11 (emu)

1 files changed, 5 insertions, 0 deletions

diff --git a/src/H5Oattr.c b/src/H5Oattr.c
index aeaebea..e38ef5c 100644
--- a/src/H5Oattr.c
+++ b/src/H5Oattr.c
@@ -238,6 +238,11 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags,
 
     /* Go get the data */
     if(attr->shared->data_size) {
+        /* Ensure that data size doesn't exceed buffer size, in case of
+           it's being corrupted in the file */
+        if(attr->shared->data_size > p_size)
+            HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds buffer size")
+
         if(NULL == (attr->shared->data = H5FL_BLK_MALLOC(attr_buf, attr->shared->data_size)))
             HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed")
         H5MM_memcpy(attr->shared->data, p, attr->shared->data_size);