Check for overflow when calculating on-disk attribute data size (#2459)

* Remove duplicate code Signed-off-by: Egbert Eich <eich@suse.com> * Add test case for CVE-2021-37501 Bogus sizes in this test case causes the on-disk data size calculation in H5O__attr_decode() to overflow so that the calculated size becomes 0. This causes the read to overflow and h5dump to segfault. This test case was crafted, the test file was not directly generated by HDF5. Test case from: https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md
author: Egbert Eich <eich@suse.com> 2023-03-02 17:17:49 (GMT)
committer: GitHub <noreply@github.com> 2023-03-02 17:17:49 (GMT)
commit: b16ec83d4bd79f9ffaad85de16056419f3532887 (patch)
tree: a8d04d51a806c1f0a0c52485ff8dc60c487ddc14 /tools/testfiles
parent: 877e4a67c5440f801e9faccf4ca1a451c89eae59 (diff)
download: hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.zip
hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.tar.gz
hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.tar.bz2
1 files changed, 0 insertions, 0 deletions
diff --git a/tools/testfiles/tCVE-2021-37501_attr_decode.h5 b/tools/testfiles/tCVE-2021-37501_attr_decode.h5
new file mode 100644
index 0000000..331b05b
--- /dev/null
+++ b/tools/testfiles/tCVE-2021-37501_attr_decode.h5
author	Egbert Eich <eich@suse.com>	2023-03-02 17:17:49 (GMT)
committer	GitHub <noreply@github.com>	2023-03-02 17:17:49 (GMT)
commit	b16ec83d4bd79f9ffaad85de16056419f3532887 (patch)
tree	a8d04d51a806c1f0a0c52485ff8dc60c487ddc14 /tools/testfiles
parent	877e4a67c5440f801e9faccf4ca1a451c89eae59 (diff)
download	hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.zip hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.tar.gz hdf5-b16ec83d4bd79f9ffaad85de16056419f3532887.tar.bz2