author | Egbert Eich <eich@suse.com> | 2022-11-11 06:05:00 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-11 06:05:00 (GMT) |
commit | 0f94940f1a9ae95de38b70709eb413511b76c73b (patch) | |
tree | 6ddf84feb36d47b7849b024250dd2cd8321b8b26 /src | |
parent | 34ec3bb7bc129f52bda4d82601f3bce65426459d (diff) | |

H5O_dtype_decode_helper: Parent of enum needs to have same size as enum itself (#2237)

The size of the enumeration values is determined by the size of the parent.
Functions accessing the enumeration values use the size of the enumeration
to determine the size of each element and how much data to copy. Thus the
size of the enumeration and its parent need to match.
Check here to avoid unpleasant surprises later.

This fixes CVE-2018-14031 / Bug #2236.

Signed-off-by: Egbert Eich <eich@suse.com>

Diffstat (limited to 'src')
-rw-r--r-- | src/H5Odtype.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/H5Odtype.c b/src/H5Odtype.c index 831344b..870aeac 100644 --- a/src/H5Odtype.c +++ b/src/H5Odtype.c @@ -470,6 +470,8 @@ H5O__dtype_decode_helper(unsigned *ioflags /*in,out*/, const uint8_t **pp, H5T_t HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, FAIL, "memory allocation failed") if (H5O__dtype_decode_helper(ioflags, pp, dt->shared->parent) < 0) HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "unable to decode parent datatype") + if (dt->shared->parent->shared->size != dt->shared->size) + HGOTO_ERROR(H5E_DATATYPE, H5E_BADSIZE, FAIL, "ENUM datatype size does not match parent") /* Check if the parent of this enum has a version greater than the * enum itself. */ |
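
Review bot: the new `dt->shared->parent->shared->size != dt->shared->size` test, added right after the parent decode, carries no code comment, unlike the version check directly below it, so the reason the two sizes must agree is recorded only in the commit message. A short comment above the test would keep that reasoning next to the code, for example `/* Enum values are stored with the parent's size but accessed using the enum's size, so the two must match */`. Because this `HGOTO_ERROR` fires after `dt->shared->parent` has already been allocated and decoded, it is also worth confirming that the `FAIL` path releases the parent in the same way as the "unable to decode parent datatype" path just above it.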