Brings the following changesets over from develop: (#2328)

b9244a85d9f1cc5e9bbec61ca73c0cbd9c4cf249 Align arg types of H5D_chunk_iter_op_t with H5Dget_chunk_info (#2074) 70cf2c390bc2eef8e57f8fa023341011e2d02d9d Removed idioms and misc. text clean-up (#2320) 8102fa8c972bdc0d8fd8f3dae604e070893150d6 Only document Fortran functions (#2319) 784061b15e176b9919c19a220ce278a9f4cddf0e moved onion VFD to FAPL group (#2321) 6b6bcdead66f0456ac0528683faac6a8e48b6565 Hdffv 11052 (#2315) 10c693a04ff0c4a5219879d7f8900157dcbece66 Update hdf5_header.html 0cb58080875070db09b5ecae92482519d58872bc Hdffv 11052 (#2303) a1c81eda203addced514ef655f7a9079f3f0bb04 added doc. warning for H5Literate_async return value (#2295) 502b32b0f22a4bcf6333c85c256db34162c2764a Updated H5ES documenation (#2293) a9036005c3916e6fda0296026323f00d043300f8 Fix for HDFFV-11052: h5debug fails on a corrupted file (h5_nrefs_POC)… (#2291)
author: Dana Robinson <43805+derobins@users.noreply.github.com> 2022-12-21 00:49:33 (GMT)
committer: GitHub <noreply@github.com> 2022-12-21 00:49:33 (GMT)
commit: 83c7f928f97b56a7a83f7f81b207cbe082136b1f (patch)
tree: f4896b9715f5b7f51226e6663eb153ebbb921634 /test
parent: a2ce031f32114fdb8d785f5f9685dc5633e73467 (diff)
download: hdf5-83c7f928f97b56a7a83f7f81b207cbe082136b1f.zip
hdf5-83c7f928f97b56a7a83f7f81b207cbe082136b1f.tar.gz
hdf5-83c7f928f97b56a7a83f7f81b207cbe082136b1f.tar.bz2
4 files changed, 57 insertions, 9 deletions
diff --git a/test/CMakeTests.cmake b/test/CMakeTests.cmake
index 74f63f4..5086194 100644
--- a/test/CMakeTests.cmake
+++ b/test/CMakeTests.cmake
@@ -126,6 +126,7 @@ set (HDF5_REFERENCE_TEST_FILES
     btree_idx_1_6.h5
     btree_idx_1_8.h5
     corrupt_stab_msg.h5
+    cve_2020_10812.h5
     deflate.h5
     family_v16-000000.h5
     family_v16-000001.h5
diff --git a/test/chunk_info.c b/test/chunk_info.c
index e38752f..5651b26 100644
--- a/test/chunk_info.c
+++ b/test/chunk_info.c
@@ -1508,9 +1508,9 @@ error:
 
 typedef struct chunk_iter_info_t {
     hsize_t  offset[2];
-    uint32_t filter_mask;
+    unsigned filter_mask;
     haddr_t  addr;
-    uint32_t nbytes;
+    hsize_t  size;
 } chunk_iter_info_t;
 
 typedef struct chunk_iter_udata_t {
@@ -1519,7 +1519,7 @@ typedef struct chunk_iter_udata_t {
 } chunk_iter_udata_t;
 
 static int
-iter_cb(const hsize_t *offset, uint32_t filter_mask, haddr_t addr, uint32_t nbytes, void *op_data)
+iter_cb(const hsize_t *offset, unsigned filter_mask, haddr_t addr, hsize_t size, void *op_data)
 {
     chunk_iter_udata_t *cidata = (chunk_iter_udata_t *)op_data;
     int                 idx    = cidata->last_index + 1;
@@ -1528,7 +1528,7 @@ iter_cb(const hsize_t *offset, uint32_t filter_mask, haddr_t addr, uint32_t nbyt
     cidata->chunk_info[idx].offset[1]   = offset[1];
     cidata->chunk_info[idx].filter_mask = filter_mask;
     cidata->chunk_info[idx].addr        = addr;
-    cidata->chunk_info[idx].nbytes      = nbytes;
+    cidata->chunk_info[idx].size        = size;
 
     cidata->last_index++;
 
@@ -1536,8 +1536,8 @@ iter_cb(const hsize_t *offset, uint32_t filter_mask, haddr_t addr, uint32_t nbyt
 }
 
 static int
-iter_cb_stop(const hsize_t H5_ATTR_UNUSED *offset, uint32_t H5_ATTR_UNUSED filter_mask,
-             haddr_t H5_ATTR_UNUSED addr, uint32_t H5_ATTR_UNUSED nbytes, void *op_data)
+iter_cb_stop(const hsize_t H5_ATTR_UNUSED *offset, unsigned H5_ATTR_UNUSED filter_mask,
+             haddr_t H5_ATTR_UNUSED addr, hsize_t H5_ATTR_UNUSED size, void *op_data)
 {
     chunk_iter_info_t **chunk_info = (chunk_iter_info_t **)op_data;
     *chunk_info += 1;
@@ -1545,8 +1545,8 @@ iter_cb_stop(const hsize_t H5_ATTR_UNUSED *offset, uint32_t H5_ATTR_UNUSED filte
 }
 
 static int
-iter_cb_fail(const hsize_t H5_ATTR_UNUSED *offset, uint32_t H5_ATTR_UNUSED filter_mask,
-             haddr_t H5_ATTR_UNUSED addr, uint32_t H5_ATTR_UNUSED nbytes, void *op_data)
+iter_cb_fail(const hsize_t H5_ATTR_UNUSED *offset, unsigned H5_ATTR_UNUSED filter_mask,
+             haddr_t H5_ATTR_UNUSED addr, hsize_t H5_ATTR_UNUSED size, void *op_data)
 {
     chunk_iter_info_t **chunk_info = (chunk_iter_info_t **)op_data;
     *chunk_info += 1;
@@ -1718,7 +1718,7 @@ test_basic_query(hid_t fapl)
         FAIL_PUTS_ERROR("offset[1] mismatch");
     if (chunk_infos[0].filter_mask != 0)
         FAIL_PUTS_ERROR("filter mask mismatch");
-    if (chunk_infos[0].nbytes != 96)
+    if (chunk_infos[0].size != 96)
         FAIL_PUTS_ERROR("size mismatch");
 
     if (chunk_infos[1].offset[0] != CHUNK_NX)
diff --git a/test/cve_2020_10812.h5 b/test/cve_2020_10812.h5
new file mode 100755
index 0000000..a20369d
--- /dev/null
+++ b/test/cve_2020_10812.h5
diff --git a/test/tmisc.c b/test/tmisc.c
index 5cad368..5fb44d4 100644
--- a/test/tmisc.c
+++ b/test/tmisc.c
@@ -330,6 +330,11 @@ typedef struct {
 #define MISC35_SPACE_DIM3 13
 #define MISC35_NPOINTS    10
 
+/* Definitions for misc. test #37 */
+/* The test file is formerly named h5_nrefs_POC.
+   See https://nvd.nist.gov/vuln/detail/CVE-2020-10812 */
+#define CVE_2020_10812_FILENAME "cve_2020_10812.h5"
+
 /****************************************************************
 **
 **  test_misc1(): test unlinking a dataset from a group and immediately
@@ -6046,6 +6051,47 @@ test_misc36(void)
 
 /****************************************************************
 **
+**  test_misc37():
+**      Test for seg fault issue when closing the provided test file
+**      which has an illegal file size in its cache image.
+**      See HDFFV-11052/CVE-2020-10812 for details.
+**
+****************************************************************/
+static void
+test_misc37(void)
+{
+    const char *testfile = H5_get_srcdir_filename(CVE_2020_10812_FILENAME);
+    hbool_t     driver_is_default_compatible;
+    hid_t       fid;
+    herr_t      ret;
+
+    /* Output message about test being performed */
+    MESSAGE(5, ("Fix for HDFFV-11052/CVE-2020-10812"));
+
+    ret = h5_driver_is_default_vfd_compatible(H5P_DEFAULT, &driver_is_default_compatible);
+    CHECK(ret, FAIL, "h5_driver_is_default_vfd_compatible");
+
+    if (!driver_is_default_compatible) {
+        HDprintf("-- SKIPPED --\n");
+        return;
+    }
+
+    fid = H5Fopen(testfile, H5F_ACC_RDONLY, H5P_DEFAULT);
+    CHECK(fid, FAIL, "H5Fopen");
+
+    /* This should fail due to the illegal file size.
+       It should fail gracefully and not seg fault */
+    H5E_BEGIN_TRY
+    {
+        ret = H5Fclose(fid);
+    }
+    H5E_END_TRY;
+    VERIFY(ret, FAIL, "H5Fclose");
+
+} /* end test_misc37() */
+
+/****************************************************************
+**
 **  test_misc(): Main misc. test routine.
 **
 ****************************************************************/
@@ -6111,6 +6157,7 @@ test_misc(void)
     test_misc34(); /* Test behavior of 0 and NULL in H5MM API calls */
     test_misc35(); /* Test behavior of free-list & allocation statistics API calls */
     test_misc36(); /* Exercise H5atclose and H5is_library_terminating */
+    test_misc37(); /* Test for seg fault failure at file close */
 
 } /* test_misc() */
author	Dana Robinson <43805+derobins@users.noreply.github.com>	2022-12-21 00:49:33 (GMT)
committer	GitHub <noreply@github.com>	2022-12-21 00:49:33 (GMT)
commit	83c7f928f97b56a7a83f7f81b207cbe082136b1f (patch)
tree	f4896b9715f5b7f51226e6663eb153ebbb921634 /test
parent	a2ce031f32114fdb8d785f5f9685dc5633e73467 (diff)
download	hdf5-83c7f928f97b56a7a83f7f81b207cbe082136b1f.zip hdf5-83c7f928f97b56a7a83f7f81b207cbe082136b1f.tar.gz hdf5-83c7f928f97b56a7a83f7f81b207cbe082136b1f.tar.bz2