summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorDana Robinson <derobins@hdfgroup.org>2018-03-13 00:56:54 (GMT)
committerDana Robinson <derobins@hdfgroup.org>2018-03-13 00:56:54 (GMT)
commitb877534a330a201e3b5c51d97daa8e01a5c1cd3a (patch)
tree0823bdc3769590346d483f089ed158538fd131ee /src
parent26109aad51393d2a9e6d3a667a0a3ddf8b5e874e (diff)
downloadhdf5-b877534a330a201e3b5c51d97daa8e01a5c1cd3a.zip
hdf5-b877534a330a201e3b5c51d97daa8e01a5c1cd3a.tar.gz
hdf5-b877534a330a201e3b5c51d97daa8e01a5c1cd3a.tar.bz2
Added a fix for HDFFV-10358.
Diffstat (limited to 'src')
-rw-r--r--src/H5Gcache.c3
-rw-r--r--src/H5Gent.c7
-rw-r--r--src/H5Gpkg.h2
3 files changed, 8 insertions, 4 deletions
diff --git a/src/H5Gcache.c b/src/H5Gcache.c
index 65115a5..b447cad 100644
--- a/src/H5Gcache.c
+++ b/src/H5Gcache.c
@@ -170,6 +170,7 @@ H5G__cache_node_deserialize(const void *_image, size_t len, void *_udata,
H5F_t *f = (H5F_t *)_udata; /* User data for callback */
H5G_node_t *sym = NULL; /* Symbol table node created */
const uint8_t *image = (const uint8_t *)_image; /* Pointer to image to deserialize */
+ const uint8_t *image_end = image + len - 1; /* Pointer to end of image buffer */
void *ret_value = NULL; /* Return value */
FUNC_ENTER_STATIC
@@ -203,7 +204,7 @@ H5G__cache_node_deserialize(const void *_image, size_t len, void *_udata,
UINT16DECODE(image, sym->nsyms);
/* entries */
- if(H5G__ent_decode_vec(f, &image, sym->entry, sym->nsyms) < 0)
+ if(H5G__ent_decode_vec(f, &image, image_end, sym->entry, sym->nsyms) < 0)
HGOTO_ERROR(H5E_SYM, H5E_CANTLOAD, NULL, "unable to decode symbol table entries")
/* Set return value */
diff --git a/src/H5Gent.c b/src/H5Gent.c
index 7987850..6e076ae 100644
--- a/src/H5Gent.c
+++ b/src/H5Gent.c
@@ -91,7 +91,7 @@ H5FL_BLK_EXTERN(str_buf);
*-------------------------------------------------------------------------
*/
herr_t
-H5G__ent_decode_vec(const H5F_t *f, const uint8_t **pp, H5G_entry_t *ent, unsigned n)
+H5G__ent_decode_vec(const H5F_t *f, const uint8_t **pp, const uint8_t *p_end, H5G_entry_t *ent, unsigned n)
{
unsigned u; /* Local index variable */
herr_t ret_value = SUCCEED; /* Return value */
@@ -104,9 +104,12 @@ H5G__ent_decode_vec(const H5F_t *f, const uint8_t **pp, H5G_entry_t *ent, unsign
HDassert(ent);
/* decode entries */
- for(u = 0; u < n; u++)
+ for(u = 0; u < n; u++) {
+ if(*pp > p_end)
+ HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "ran off the end of the image buffer")
if(H5G_ent_decode(f, pp, ent + u) < 0)
HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode")
+ }
done:
FUNC_LEAVE_NOAPI(ret_value)
diff --git a/src/H5Gpkg.h b/src/H5Gpkg.h
index 76bf08b..20e595f 100644
--- a/src/H5Gpkg.h
+++ b/src/H5Gpkg.h
@@ -395,7 +395,7 @@ H5_DLL void H5G__ent_copy(H5G_entry_t *dst, const H5G_entry_t *src,
H5_copy_depth_t depth);
H5_DLL void H5G__ent_reset(H5G_entry_t *ent);
H5_DLL herr_t H5G__ent_decode_vec(const H5F_t *f, const uint8_t **pp,
- H5G_entry_t *ent, unsigned n);
+ const uint8_t *p_end, H5G_entry_t *ent, unsigned n);
H5_DLL herr_t H5G__ent_encode_vec(const H5F_t *f, uint8_t **pp,
const H5G_entry_t *ent, unsigned n);
H5_DLL herr_t H5G__ent_convert(H5F_t *f, hid_t dxpl_id, H5HL_t *heap,