Fix CVE-2018-13867 (#3336)

author: Dana Robinson <43805+derobins@users.noreply.github.com> 2023-08-02 22:44:19 (GMT)
committer: GitHub <noreply@github.com> 2023-08-02 22:44:19 (GMT)
commit: 86ddedf522aa8a72cfe03b9275ae16800d1fb5b9 (patch)
tree: c74e02f7dfbe75a002b83911bcbba55dcfaa93a1 /src
parent: 11e28fe8b84586eb6d99339f45ff3e502e2c5b60 (diff)
download: hdf5-86ddedf522aa8a72cfe03b9275ae16800d1fb5b9.zip
hdf5-86ddedf522aa8a72cfe03b9275ae16800d1fb5b9.tar.gz
hdf5-86ddedf522aa8a72cfe03b9275ae16800d1fb5b9.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/src/H5HLcache.c b/src/H5HLcache.c
index 653590d..377bc0f 100644
--- a/src/H5HLcache.c
+++ b/src/H5HLcache.c
@@ -194,6 +194,12 @@ H5HL__hdr_deserialize(H5HL_t *heap, const uint8_t *image, size_t len, H5HL_cache
         HGOTO_ERROR(H5E_HEAP, H5E_OVERFLOW, FAIL, "ran off end of input buffer while decoding");
     H5F_addr_decode_len(udata->sizeof_addr, &image, &(heap->dblk_addr));
 
+    /* Check that the datablock address is valid (might not be true
+     * in a corrupt file)
+     */
+    if (!H5_addr_defined(heap->dblk_addr))
+        HGOTO_ERROR(H5E_HEAP, H5E_BADVALUE, FAIL, "bad datablock address");
+
 done:
     FUNC_LEAVE_NOAPI(ret_value)
 } /* end H5HL__hdr_deserialize() */
author	Dana Robinson <43805+derobins@users.noreply.github.com>	2023-08-02 22:44:19 (GMT)
committer	GitHub <noreply@github.com>	2023-08-02 22:44:19 (GMT)
commit	86ddedf522aa8a72cfe03b9275ae16800d1fb5b9 (patch)
tree	c74e02f7dfbe75a002b83911bcbba55dcfaa93a1 /src
parent	11e28fe8b84586eb6d99339f45ff3e502e2c5b60 (diff)
download	hdf5-86ddedf522aa8a72cfe03b9275ae16800d1fb5b9.zip hdf5-86ddedf522aa8a72cfe03b9275ae16800d1fb5b9.tar.gz hdf5-86ddedf522aa8a72cfe03b9275ae16800d1fb5b9.tar.bz2