diff options
author | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2019-01-15 17:48:31 (GMT) |
---|---|---|
committer | Binh-Minh Ribler <bmribler@hdfgroup.org> | 2019-01-15 17:48:31 (GMT) |
commit | bc3d878add940845a2ec5b8873f2d45a00926ce8 (patch) | |
tree | 2d021b79914677ebe82be9f57e41351f1cf8835a /testpar/t_dset.c | |
parent | 90d13bef33f9e2e80b23996a0c39f16f7c34ecf8 (diff) | |
download | hdf5-bc3d878add940845a2ec5b8873f2d45a00926ce8.zip hdf5-bc3d878add940845a2ec5b8873f2d45a00926ce8.tar.gz hdf5-bc3d878add940845a2ec5b8873f2d45a00926ce8.tar.bz2 |
Fixed HDFFV-10586 and HDFFV-10588
Description:
HDFFV-10586 CVE-2018-17434 Divide by zero inh5repack_filters
Added a check for zero value
HDFFV-10588 CVE-2018-17437 Memory leak in H5O_dtype_decode_helper
This is actually an Invalid read issue. It was found that the
attribute name length in an attribute message was corrupted,
which caused the buffer pointer to be advanced too far and later
caused an invalid read.
Added a check to detect attribute name and its length mismatch. The
fix is not perfect, but it'll reduce the chance of this issue when a
name length is corrupted or the attribute name is corrupted.
Platforms tested:
Linux/64 (jelly)
Linux/64 (platypus)
Darwin (osx1010test)
Diffstat (limited to 'testpar/t_dset.c')
0 files changed, 0 insertions, 0 deletions