diff options
Diffstat (limited to 'src/H5Oattr.c')
-rw-r--r-- | src/H5Oattr.c | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/src/H5Oattr.c b/src/H5Oattr.c index 7a17c6a..c8dd822 100644 --- a/src/H5Oattr.c +++ b/src/H5Oattr.c @@ -109,7 +109,10 @@ H5FL_EXTERN(H5S_extent_t); USAGE void *H5O_attr_decode(f, mesg_flags, p) H5F_t *f; IN: pointer to the HDF5 file struct - unsigned mesg_flags; IN: Message flags to influence decoding + H5O_t *open_oh; IN: pointer to the object header + unsigned mesg_flags; IN: message flags to influence decoding + unsigned *ioflags; IN: flags for decoding + size_t p_size; IN: size of buffer *p const uint8_t *p; IN: the raw information buffer RETURNS Pointer to the new message in native order on success, NULL on failure @@ -120,16 +123,16 @@ H5FL_EXTERN(H5S_extent_t); --------------------------------------------------------------------------*/ static void * H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, - unsigned *ioflags, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + unsigned *ioflags, size_t p_size, const uint8_t *p) { - H5A_t *attr = NULL; - H5S_extent_t *extent; /*extent dimensionality information */ - size_t name_len; /*attribute name length */ - size_t dt_size; /* Datatype size */ - hssize_t sds_size; /* Signed Dataspace size */ - hsize_t ds_size; /* Dataspace size */ - unsigned flags = 0; /* Attribute flags */ - H5A_t *ret_value = NULL; /* Return value */ + H5A_t *attr = NULL; + H5S_extent_t *extent; /*extent dimensionality information */ + size_t name_len; /*attribute name length */ + size_t dt_size; /* Datatype size */ + hssize_t sds_size; /* Signed Dataspace size */ + hsize_t ds_size; /* Dataspace size */ + unsigned flags = 0; /* Attribute flags */ + H5A_t *ret_value = NULL; /* Return value */ FUNC_ENTER_NOAPI_NOINIT @@ -138,7 +141,7 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, HDassert(p); if(NULL == (attr = H5FL_CALLOC(H5A_t))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") if(NULL == (attr->shared = H5FL_CALLOC(H5A_shared_t))) HGOTO_ERROR(H5E_FILE, H5E_NOSPACE, NULL, "can't allocate shared attr structure") @@ -146,7 +149,7 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, /* Version number */ attr->shared->version = *p++; if(attr->shared->version < H5O_ATTR_VERSION_1 || attr->shared->version > H5O_ATTR_VERSION_LATEST) - HGOTO_ERROR(H5E_ATTR, H5E_CANTLOAD, NULL, "bad version number for attribute message") + HGOTO_ERROR(H5E_ATTR, H5E_CANTLOAD, NULL, "bad version number for attribute message") /* Get the flags byte if we have a later version of the attribute */ if(attr->shared->version >= H5O_ATTR_VERSION_2) { @@ -176,7 +179,7 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, /* Decode and store the name */ if(NULL == (attr->shared->name = H5MM_strdup((const char *)p))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") /* Make an attempt to detect corrupted name or name length - HDFFV-10588 */ if(name_len != (HDstrlen(attr->shared->name) + 1)) @@ -200,7 +203,7 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, * What's actually shared, though, is only the extent. */ if(NULL == (attr->shared->ds = H5FL_CALLOC(H5S_t))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") /* Decode attribute's dataspace extent */ if((extent = (H5S_extent_t *)(H5O_MSG_SDSPACE->decode)(f, open_oh, @@ -238,6 +241,11 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, /* Go get the data */ if(attr->shared->data_size) { + /* Ensure that data size doesn't exceed buffer size, in case of + it's being corrupted in the file */ + if(attr->shared->data_size > p_size) + HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds buffer size") + if(NULL == (attr->shared->data = H5FL_BLK_MALLOC(attr_buf, attr->shared->data_size))) HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") H5MM_memcpy(attr->shared->data, p, attr->shared->data_size); |