summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorDana Robinson <derobins@hdfgroup.org>2016-09-30 08:31:59 (GMT)
committerDana Robinson <derobins@hdfgroup.org>2016-09-30 08:31:59 (GMT)
commit77e7c43bf02f2e8f8ec834da7aca0c3e9599c5c0 (patch)
tree372586d18f4a3355638e6b84b10faded273aff55 /src
parent865553617111c44b036f30bdf5ae51df465572e4 (diff)
parent30ca70b0969ae0ab63104d7910523818e5385ac6 (diff)
downloadhdf5-77e7c43bf02f2e8f8ec834da7aca0c3e9599c5c0.zip
hdf5-77e7c43bf02f2e8f8ec834da7aca0c3e9599c5c0.tar.gz
hdf5-77e7c43bf02f2e8f8ec834da7aca0c3e9599c5c0.tar.bz2
Merge branch 'develop' into evict_on_close
Diffstat (limited to 'src')
-rw-r--r--src/H5Aint.c5
-rw-r--r--src/H5Odtype.c9
-rw-r--r--src/H5Znbit.c99
3 files changed, 83 insertions, 30 deletions
diff --git a/src/H5Aint.c b/src/H5Aint.c
index ea90118..66af0ff 100644
--- a/src/H5Aint.c
+++ b/src/H5Aint.c
@@ -2106,10 +2106,9 @@ H5A_attr_copy_file(const H5A_t *attr_src, H5F_t *file_dst, hbool_t *recompute_si
HDmemcpy(buf, attr_src->shared->data, attr_src->shared->data_size);
/* Allocate background memory */
- if(H5T_path_bkg(tpath_src_mem) || H5T_path_bkg(tpath_mem_dst)) {
+ if(H5T_path_bkg(tpath_src_mem) || H5T_path_bkg(tpath_mem_dst))
if(NULL == (bkg_buf = H5FL_BLK_CALLOC(attr_buf, buf_size)))
- HGOTO_ERROR(H5E_ATTR, H5E_CANTALLOC, FAIL, "memory allocation failed")
- }
+ HGOTO_ERROR(H5E_ATTR, H5E_CANTALLOC, NULL, "memory allocation failed")
/* Convert from source file to memory */
if(H5T_convert(tpath_src_mem, tid_src, tid_mem, nelmts, (size_t)0, (size_t)0, buf, bkg_buf, dxpl_id) < 0)
diff --git a/src/H5Odtype.c b/src/H5Odtype.c
index e51d319..799f475 100644
--- a/src/H5Odtype.c
+++ b/src/H5Odtype.c
@@ -311,7 +311,11 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p
if(version == H5O_DTYPE_VERSION_1) {
/* Decode the number of dimensions */
ndims = *(*pp)++;
- HDassert(ndims <= 4);
+
+ /* Check that ndims is valid */
+ if(ndims > 4)
+ HGOTO_ERROR(H5E_DATATYPE, H5E_BADTYPE, FAIL, "invalid number of dimensions for array")
+
*pp += 3; /*reserved bytes */
/* Skip dimension permutation */
@@ -519,7 +523,8 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p
dt->shared->u.array.ndims = *(*pp)++;
/* Double-check the number of dimensions */
- HDassert(dt->shared->u.array.ndims <= H5S_MAX_RANK);
+ if(dt->shared->u.array.ndims > H5S_MAX_RANK)
+ HGOTO_ERROR(H5E_DATATYPE, H5E_CANTLOAD, FAIL, "too many dimensions for array datatype")
/* Skip reserved bytes, if version has them */
if(version < H5O_DTYPE_VERSION_3)
diff --git a/src/H5Znbit.c b/src/H5Znbit.c
index 04e8869..7a41d16 100644
--- a/src/H5Znbit.c
+++ b/src/H5Znbit.c
@@ -65,13 +65,13 @@ static void H5Z_nbit_decompress_one_nooptype(unsigned char *data, size_t data_of
unsigned char *buffer, size_t *j, size_t *buf_len, unsigned size);
static void H5Z_nbit_decompress_one_atomic(unsigned char *data, size_t data_offset,
unsigned char *buffer, size_t *j, size_t *buf_len, const parms_atomic *p);
-static void H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+static herr_t H5Z__nbit_decompress_one_array(unsigned char *data, size_t data_offset,
unsigned char *buffer, size_t *j, size_t *buf_len, const unsigned parms[],
unsigned *parms_index);
-static void H5Z_nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
+static herr_t H5Z__nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
unsigned char *buffer, size_t *j, size_t *buf_len, const unsigned parms[],
unsigned *parms_index);
-static void H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
+static herr_t H5Z__nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
const unsigned parms[]);
static void H5Z_nbit_compress_one_nooptype(unsigned char *data, size_t data_offset,
unsigned char *buffer, size_t *j, size_t *buf_len, unsigned size);
@@ -1011,7 +1011,8 @@ H5Z_filter_nbit(unsigned flags, size_t cd_nelmts, const unsigned cd_values[],
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, 0, "memory allocation failed for nbit decompression")
/* decompress the buffer */
- H5Z_nbit_decompress(outbuf, d_nelmts, (unsigned char *)*buf, cd_values);
+ if(H5Z__nbit_decompress(outbuf, d_nelmts, (unsigned char *)*buf, cd_values) < 0)
+ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, 0, "can't decompress buffer")
} /* end if */
/* output; compress */
else {
@@ -1166,13 +1167,16 @@ H5Z_nbit_decompress_one_atomic(unsigned char *data, size_t data_offset,
}
}
-static void
-H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
+static herr_t
+H5Z__nbit_decompress_one_array(unsigned char *data, size_t data_offset,
unsigned char *buffer, size_t *j, size_t *buf_len, const unsigned parms[],
unsigned *parms_index)
{
unsigned i, total_size, base_class, base_size, n, begin_index;
parms_atomic p;
+ herr_t ret_value = SUCCEED; /* Return value */
+
+ FUNC_ENTER_STATIC
total_size = parms[(*parms_index)++];
base_class = parms[(*parms_index)++];
@@ -1183,6 +1187,11 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
p.order = parms[(*parms_index)++];
p.precision = parms[(*parms_index)++];
p.offset = parms[(*parms_index)++];
+
+ /* Check values of precision and offset */
+ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
+ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
+
n = total_size / p.size;
for(i = 0; i < n; i++)
H5Z_nbit_decompress_one_atomic(data, data_offset + i * p.size,
@@ -1194,8 +1203,9 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
n = total_size / base_size; /* number of base_type elements inside the array datatype */
begin_index = *parms_index;
for(i = 0; i < n; i++) {
- H5Z_nbit_decompress_one_array(data, data_offset + i * base_size,
- buffer, j, buf_len, parms, parms_index);
+ if(H5Z__nbit_decompress_one_array(data, data_offset + i * base_size,
+ buffer, j, buf_len, parms, parms_index) < 0)
+ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
*parms_index = begin_index;
}
break;
@@ -1205,8 +1215,9 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
n = total_size / base_size; /* number of base_type elements inside the array datatype */
begin_index = *parms_index;
for(i = 0; i < n; i++) {
- H5Z_nbit_decompress_one_compound(data, data_offset + i * base_size,
- buffer, j, buf_len, parms, parms_index);
+ if(H5Z__nbit_decompress_one_compound(data, data_offset + i * base_size,
+ buffer, j, buf_len, parms, parms_index) < 0)
+ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
*parms_index = begin_index;
}
break;
@@ -1219,56 +1230,81 @@ H5Z_nbit_decompress_one_array(unsigned char *data, size_t data_offset,
default:
HDassert(0 && "This Should never be executed!");
} /* end switch */
+
+done:
+ FUNC_LEAVE_NOAPI(ret_value)
}
-static void
-H5Z_nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
+static herr_t
+H5Z__nbit_decompress_one_compound(unsigned char *data, size_t data_offset,
unsigned char *buffer, size_t *j, size_t *buf_len, const unsigned parms[],
unsigned *parms_index)
{
- unsigned i, nmembers, member_offset, member_class, size;
+ unsigned i, nmembers, member_offset, member_class, member_size, used_size = 0, size;
parms_atomic p;
+ herr_t ret_value = SUCCEED; /* Return value */
+
+ FUNC_ENTER_STATIC
- (*parms_index)++; /* skip total size of compound datatype */
+ size = parms[(*parms_index)++];
nmembers = parms[(*parms_index)++];
for(i = 0; i < nmembers; i++) {
member_offset = parms[(*parms_index)++];
member_class = parms[(*parms_index)++];
+
+ /* Check for overflow */
+ member_size = parms[*parms_index];
+ used_size += member_size;
+ if(used_size > size)
+ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "compound member offset overflowed compound size")
switch(member_class) {
case H5Z_NBIT_ATOMIC:
- p.size = parms[(*parms_index)++];
+ p.size = member_size;
+ /* Advance past member size */
+ (*parms_index)++;
p.order = parms[(*parms_index)++];
p.precision = parms[(*parms_index)++];
p.offset = parms[(*parms_index)++];
+
+ /* Check values of precision and offset */
+ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
+ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
+
H5Z_nbit_decompress_one_atomic(data, data_offset + member_offset,
buffer, j, buf_len, &p);
break;
case H5Z_NBIT_ARRAY:
- H5Z_nbit_decompress_one_array(data, data_offset + member_offset,
- buffer, j, buf_len, parms, parms_index);
+ if(H5Z__nbit_decompress_one_array(data, data_offset + member_offset,
+ buffer, j, buf_len, parms, parms_index) < 0)
+ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
break;
case H5Z_NBIT_COMPOUND:
- H5Z_nbit_decompress_one_compound(data, data_offset+member_offset,
- buffer, j, buf_len, parms, parms_index);
+ if(H5Z__nbit_decompress_one_compound(data, data_offset+member_offset,
+ buffer, j, buf_len, parms, parms_index) < 0)
+ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
break;
case H5Z_NBIT_NOOPTYPE:
- size = parms[(*parms_index)++];
+ /* Advance past member size */
+ (*parms_index)++;
H5Z_nbit_decompress_one_nooptype(data, data_offset+member_offset,
- buffer, j, buf_len, size);
+ buffer, j, buf_len, member_size);
break;
default:
HDassert(0 && "This Should never be executed!");
} /* end switch */
}
+
+done:
+ FUNC_LEAVE_NOAPI(ret_value)
}
-static void
-H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
+static herr_t
+H5Z__nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffer,
const unsigned parms[])
{
/* i: index of data, j: index of buffer,
@@ -1278,6 +1314,9 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
size_t buf_len;
parms_atomic p;
unsigned parms_index; /* index in array parms used by compression/decompression functions */
+ herr_t ret_value = SUCCEED; /* Return value */
+
+ FUNC_ENTER_STATIC
/* may not have to initialize to zeros */
HDmemset(data, 0, d_nelmts * parms[4]);
@@ -1292,6 +1331,11 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
p.order = parms[5];
p.precision = parms[6];
p.offset = parms[7];
+
+ /* Check values of precision and offset */
+ if(p.precision > p.size * 8 || (p.precision + p.offset) > p.size * 8)
+ HGOTO_ERROR(H5E_PLINE, H5E_BADTYPE, FAIL, "invalid datatype precision/offset")
+
for(i = 0; i < d_nelmts; i++)
H5Z_nbit_decompress_one_atomic(data, i * p.size, buffer, &j, &buf_len, &p);
break;
@@ -1300,7 +1344,8 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
size = parms[4];
parms_index = 4; /* set the index before goto function call */
for(i = 0; i < d_nelmts; i++) {
- H5Z_nbit_decompress_one_array(data, i * size, buffer, &j, &buf_len, parms, &parms_index);
+ if(H5Z__nbit_decompress_one_array(data, i * size, buffer, &j, &buf_len, parms, &parms_index) < 0)
+ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress array")
parms_index = 4;
}
break;
@@ -1309,7 +1354,8 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
size = parms[4];
parms_index = 4; /* set the index before goto function call */
for(i = 0; i < d_nelmts; i++) {
- H5Z_nbit_decompress_one_compound(data, i * size, buffer, &j, &buf_len, parms, &parms_index);
+ if(H5Z__nbit_decompress_one_compound(data, i * size, buffer, &j, &buf_len, parms, &parms_index) < 0)
+ HGOTO_ERROR(H5E_PLINE, H5E_CANTFILTER, FAIL, "can't decompress compound")
parms_index = 4;
}
break;
@@ -1317,6 +1363,9 @@ H5Z_nbit_decompress(unsigned char *data, unsigned d_nelmts, unsigned char *buffe
default:
HDassert(0 && "This Should never be executed!");
} /* end switch */
+
+done:
+ FUNC_LEAVE_NOAPI(ret_value)
}
static void