Diffstat (limited to 'release_docs/RELEASE.txt')
-rw-r--r-- | release_docs/RELEASE.txt | 50 |
1 files changed, 48 insertions, 2 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 13c4b5a..72afd84 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -533,6 +533,26 @@ Bug Fixes since HDF5-1.10.1 release (DER - 2018/02/26, HDFFV-10355) + - If an HDF5 file contains a malformed compound datatype with a + suitably large offset, the type conversion code can run off + the end of the type conversion buffer, causing a segmentation + fault. + + This issue was reported to The HDF Group as issue #CVE-2017-17507. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME + + Fixing this problem would involve updating the publicly visible + H5T_conv_t function pointer typedef and versioning the API calls + which use it. We normally only modify the public API during + major releases, so this bug will not be fixed at this time. + + (DER - 2018/02/26, HDFFV-10356) + - If an HDF5 file contains a malformed compound type which contains a member of size zero, a division by zero error will occur while processing the type. 
@@ -548,6 +568,23 @@ Bug Fixes since HDF5-1.10.1 release (DER - 2018/02/26, HDFFV-10357) + - If an HDF5 file contains a malformed symbol table node that declares + it contains more symbols than it actually contains, the library + can run off the end of the metadata cache buffer while processing + the symbol table node. + + This issue was reported to The HDF Group as issue #CVE-2017-17509. + + NOTE: The HDF5 C library cannot produce such a file. This condition + should only occur in a corrupt (or deliberately altered) file + or a file created by third-party software. + + Performing bounds checks on the buffer while processing fixes the + problem. Instead of the segmentation fault, the normal HDF5 error + handling is invoked. + + (DER - 2018/03/12, HDFFV-10358) + Configuration ------------- - CMake @@ -858,11 +895,20 @@ Bug Fixes since HDF5-1.10.1 release C++ APIs -------- - - + - Removal of memory leaks + + A private function was inadvertently called, causing memory leaks. This + is now fixed. + + (BMR - 2018/03/12 - User's reported in email) Testing ------- - - + - Memory for three variables in testphdf5's coll_write_test was malloced + but not freed, leaking memory when running the test. The variables' + memory is now freed. + + (LRK - 2018/03/12, HDFFV-10397) Supported Platforms =================== |
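Review bot: In the hunk at @@ -533, the CVE-2017-17507 entry is added under "Bug Fixes since HDF5-1.10.1 release" but states "THE HDF GROUP WILL NOT FIX THIS BUG AT THIS TIME", so a reader skimming the section will assume the out-of-bounds access in the type conversion code is resolved. Move the entry to wherever the file lists open or known problems, or mark it as unfixed in its first line. Because the issue stays open, the entry should also say what a user who opens corrupt, altered or third-party files is expected to do in the meantime. The identifier is written "issue #CVE-2017-17507"; drop the "#" so the CVE id reads and searches as a plain CVE id.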
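Review bot: In the hunk at @@ -548, the CVE-2017-17509 entry ends with "Instead of the segmentation fault, the normal HDF5 error handling is invoked", but the opening paragraph never says the overrun of the metadata cache buffer causes a segmentation fault. State the symptom in the first paragraph, as the CVE-2017-17507 entry does ("causing a segmentation fault"), so the two entries read consistently. The same "issue #CVE-2017-17509" notation appears here; drop the "#".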
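Review bot: In the hunk at @@ -858, the C++ APIs entry "A private function was inadvertently called, causing memory leaks" names neither the private function nor the public C++ calls that leaked, so users cannot tell whether their code was affected. Name the affected API. The attribution "(BMR - 2018/03/12 - User's reported in email)" also breaks the "(initials - date, HDFFV-nnnnn)" pattern used by every other entry in this patch and has a grammar slip; use something like "(BMR - 2018/03/12, reported by a user via email)" or add an issue number if one exists.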