diff options
| -rw-r--r-- | MANIFEST | 1 | ||||
| -rw-r--r-- | src/H5Osdspace.c | 19 | ||||
| -rw-r--r-- | testpar/t_mdset.c | 12 | ||||
| -rw-r--r-- | tools/test/h5repack/CMakeTests.cmake | 6 | ||||
| -rw-r--r-- | tools/test/h5repack/h5repack.sh.in | 34 | ||||
| -rw-r--r-- | tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5 | bin | 0 -> 7648 bytes |
6 files changed, 57 insertions, 15 deletions
@@ -2761,6 +2761,7 @@ ./tools/test/h5repack/testfiles/h5repack_layout.h5-plugin_test.ddl ./tools/test/h5repack/testfiles/h5repack_layout.h5-plugin_version_test.ddl ./tools/test/h5repack/testfiles/h5repack_layout.h5-plugin_zero.ddl +./tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5 ./tools/test/h5repack/testfiles/GS.h5repack_paged_nopersist.h5.ddl ./tools/test/h5repack/testfiles/S.h5repack_fsm_aggr_persist.h5.ddl ./tools/test/h5repack/testfiles/SP.h5repack_fsm_aggr_nopersist.h5.ddl diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c index b34eb76..83702eb 100644 --- a/src/H5Osdspace.c +++ b/src/H5Osdspace.c @@ -138,8 +138,11 @@ H5O__sdspace_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UN flags = *p++; /* Get or determine the type of the extent */ - if (version >= H5O_SDSPACE_VERSION_2) + if (version >= H5O_SDSPACE_VERSION_2) { sdim->type = (H5S_class_t)*p++; + if (sdim->type != H5S_SIMPLE && sdim->rank > 0) + HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "invalid rank for scalar or NULL dataspace") + } /* end if */ else { /* Set the dataspace type to be simple or scalar as appropriate */ if (sdim->rank > 0) @@ -248,13 +251,15 @@ H5O__sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg) *p++ = 0; /*reserved*/ } /* end else */ - /* Current & maximum dimensions */ - if (sdim->rank > 0) { - for (u = 0; u < sdim->rank; u++) - H5F_ENCODE_LENGTH(f, p, sdim->size[u]); - if (flags & H5S_VALID_MAX) { + /* Encode dataspace dimensions for simple dataspaces */ + if (H5S_SIMPLE == sdim->type) { + /* Encode current & maximum dimensions */ + if (sdim->rank > 0) { for (u = 0; u < sdim->rank; u++) - H5F_ENCODE_LENGTH(f, p, sdim->max[u]); + H5F_ENCODE_LENGTH(f, p, sdim->size[u]); + if (flags & H5S_VALID_MAX) + for (u = 0; u < sdim->rank; u++) + H5F_ENCODE_LENGTH(f, p, sdim->max[u]); } /* end if */ } /* end if */ diff --git a/testpar/t_mdset.c b/testpar/t_mdset.c index a4bc26d..bf4ce73 100644 --- a/testpar/t_mdset.c +++ b/testpar/t_mdset.c @@ -1456,10 +1456,8 @@ read_attribute(hid_t obj_id, int this_type, int num) if (this_type == is_group) { HDsprintf(attr_name, "Group Attribute %d", num); aid = H5Aopen(obj_id, attr_name, H5P_DEFAULT); - if (MAINPROCESS) { - H5Aread(aid, H5T_NATIVE_INT, &in_num); - vrfy_errors = dataset_vrfy(NULL, NULL, NULL, group_block, &in_num, &num); - } + H5Aread(aid, H5T_NATIVE_INT, &in_num); + vrfy_errors = dataset_vrfy(NULL, NULL, NULL, group_block, &in_num, &num); H5Aclose(aid); } else if (this_type == is_dset) { @@ -1467,10 +1465,8 @@ read_attribute(hid_t obj_id, int this_type, int num) for (i = 0; i < 8; i++) out_data[i] = i; aid = H5Aopen(obj_id, attr_name, H5P_DEFAULT); - if (MAINPROCESS) { - H5Aread(aid, H5T_NATIVE_INT, in_data); - vrfy_errors = dataset_vrfy(NULL, NULL, NULL, dset_block, in_data, out_data); - } + H5Aread(aid, H5T_NATIVE_INT, in_data); + vrfy_errors = dataset_vrfy(NULL, NULL, NULL, dset_block, in_data, out_data); H5Aclose(aid); } diff --git a/tools/test/h5repack/CMakeTests.cmake b/tools/test/h5repack/CMakeTests.cmake index af73b75..81d619c 100644 --- a/tools/test/h5repack/CMakeTests.cmake +++ b/tools/test/h5repack/CMakeTests.cmake @@ -51,6 +51,7 @@ ${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_named_dtypes.h5 ${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_nested_8bit_enum.h5 ${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_nested_8bit_enum_deflated.h5 + ${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5 ${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_nbit.h5 ${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_objs.h5 ${HDF5_TOOLS_TEST_H5REPACK_SOURCE_DIR}/testfiles/h5repack_refs.h5 @@ -1549,6 +1550,11 @@ # Note: this test is experimental for sharing test file among tools ADD_H5_TEST (HDFFV-7840 "TEST" h5diff_attr1.h5) +# test CVE-2018-17432 fix + set (arg h5repack_HDFFV-10590_CVE-2018-17432.h5 h5repack_HDFFV-10590_CVE-2018-17432_out.h5 --low=1 --high=2 -f GZIP=8 -l dset1:CHUNK=5x6) + set (TESTTYPE "TEST") + ADD_H5_FILTER_TEST (HDFFV-10590 "" ${TESTTYPE} 1 ${arg}) + # tests for metadata block size option ('-M') ADD_H5_TEST_META (meta_short h5repack_layout.h5 -M 8192) ADD_H5_TEST_META (meta_long h5repack_layout.h5 --metadata_block_size=8192) diff --git a/tools/test/h5repack/h5repack.sh.in b/tools/test/h5repack/h5repack.sh.in index a95a22e..3764081 100644 --- a/tools/test/h5repack/h5repack.sh.in +++ b/tools/test/h5repack/h5repack.sh.in @@ -128,6 +128,8 @@ $SRC_H5REPACK_TESTFILES/h5repack_paged_nopersist.h5 $SRC_H5REPACK_TESTFILES/h5repack_paged_persist.h5 ########h5diff/testfile######## $SRC_H5DIFF_TESTFILES/h5diff_attr1.h5 +########test#HDFFV-10590######## +$SRC_H5REPACK_TESTFILES/h5repack_HDFFV-10590_CVE-2018-17432.h5 ########tools/testfiles#for#external#links######## $SRC_TOOLS_TESTFILES/tsoftlinks.h5 $SRC_TOOLS_TESTFILES/textlinkfar.h5 @@ -865,6 +867,34 @@ TOOLTESTV() rm -f $outfile } +# Same as TOOLTEST, but expects h5repack fails +# +TOOLTEST_FAIL() +{ + infile=$1 + outfile=$2 + expect="$TESTDIR/$2-$1.ddl" + actual="$TESTDIR/$2-$1.out" + actual_err="$TESTDIR/$2-$1.err" + shift + shift + + # Run test. + TESTING $H5REPACK $@ + ( + cd $TESTDIR + $ENVCMD $RUNSERIAL $H5REPACK_BIN "$@" $infile $outfile + ) >$actual + RET=$? + if [ $RET == 0 ] ; then + nerrors="`expr $nerrors + 1`" + echo " FAILED" + else + echo " PASSED" + fi + rm -f $outfile +} + # This is same as TOOLTESTV() with comparing display output # with actual filename swapped # @@ -1681,6 +1711,10 @@ TOOLTEST HDFFV-5932 h5repack_attr_refs.h5 # Note: this test is experimental for sharing test file among tools TOOLTEST HDFFV-7840 h5diff_attr1.h5 +# test HDFFV-10590 +arg="h5repack_HDFFV-10590_CVE-2018-17432.h5 h5repack_HDFFV-10590_CVE-2018-17432_out.h5 --low=1 --high=2 -f GZIP=8 -l dset1:CHUNK=5x6" +TOOLTEST_FAIL $arg + # tests for metadata block size option TOOLTEST_META meta_short h5repack_layout.h5 -M 8192 TOOLTEST_META meta_long h5repack_layout.h5 --metadata_block_size=8192 diff --git a/tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5 b/tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5 Binary files differnew file mode 100644 index 0000000..7a815ba --- /dev/null +++ b/tools/test/h5repack/testfiles/h5repack_HDFFV-10590_CVE-2018-17432.h5 |