-rw-r--r--release_docs/RELEASE.txt39
-rw-r--r--src/H5Odtype.c2
2 files changed, 28 insertions, 13 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 8e4a3c2..158472c 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -172,19 +172,6 @@ Bug Fixes since HDF5-1.13.3 release
===================================
Library
-------
- - Fix CVE-2018-16438 / GHSA-9xmm-cpf8-rgmx
-
- Make sure info block for external links has at least 3 bytes.
-
- According to the specification, the information block for external links
- contains 1 byte of version/flag information and two 0 terminated strings
- for the object linked to and the full path.
- Although not very useful, the minimum string length for each (with
- terminating 0) would be one byte.
- Checking this helps to avoid SEGVs triggered by bogus files.
-
- (EFE - 2022/10/09 GH-2233)
-
- Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf
Validate location (offset) of the accumulated metadata when comparing.
@@ -199,6 +186,19 @@ Bug Fixes since HDF5-1.13.3 release
member in the same structure is true the location is valid.
(EFE - 2022/10/10 GH-2230)
+
+ - Fix CVE-2018-16438 / GHSA-9xmm-cpf8-rgmx
+
+ Make sure info block for external links has at least 3 bytes.
+
+ According to the specification, the information block for external links
+ contains 1 byte of version/flag information and two 0 terminated strings
+ for the object linked to and the full path.
+ Although not very useful, the minimum string length for each (with
+ terminating 0) would be one byte.
+ Checking this helps to avoid SEGVs triggered by bogus files.
+
+ (EFE - 2022/10/09 GH-2233)
- Fix CVE-2021-45830 / GHSA-5h2h-fjjr-x9m2
@@ -213,6 +213,19 @@ Bug Fixes since HDF5-1.13.3 release
(EFE - 2022/10/05 GH-2228)
+ - Fix CVE-2018-14031 / GHSA-2xc7-724c-r36j
+
+ Parent of enum datatype message must have the same size as the
+ enum datatype message itself.
+ Functions accessing the enumeration values use the size of the
+ enumeration datatype to determine the size of each element and
+ how much data to copy.
+ Thus the size of the enumeration and its parent need to match.
+ Check in H5O_dtype_decode_helper() to avoid unpleasant surprises
+ later.
+
+ (EFE - 2022/09/28 GH-2236)
+
- Fix CVE-2018-17439 / GHSA-vcxv-vp43-rch7
H5IMget_image_info(): Make sure to not exceed local array size
diff --git a/src/H5Odtype.c b/src/H5Odtype.c
index 831344b..870aeac 100644
--- a/src/H5Odtype.c
+++ b/src/H5Odtype.c
@@ -470,6 +470,8 @@ H5O__dtype_decode_helper(unsigned *ioflags /*in,out*/, const uint8_t **pp, H5T_t
HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, FAIL, "memory allocation failed")
if (H5O__dtype_decode_helper(ioflags, pp, dt->shared->parent) < 0)
HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "unable to decode parent datatype")
+ if (dt->shared->parent->shared->size != dt->shared->size)
+ HGOTO_ERROR(H5E_DATATYPE, H5E_BADSIZE, FAIL, "ENUM datatype size does not match parent")
/* Check if the parent of this enum has a version greater than the
* enum itself. */
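Review bot: The new size comparison after the parent decode carries no comment saying why a mismatch is fatal, so the rationale lives only in RELEASE.txt. I would put the reason at the check itself, for example `/* Enum values are read and copied using the enum's size per element, so a parent of a different size leads to out-of-bounds accesses later (CVE-2018-14031) */`. The check also fails after `dt->shared->parent` has been allocated and decoded, so this path relies on the function's cleanup code to release the parent. That cleanup lies outside the hunk and should be confirmed, since a crafted file can presumably reach this branch repeatedly. Including both sizes in the error text would also help triage of rejected files, if the error macro in use accepts format arguments.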