| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix for CVE-2018-15671
* Fix CVE-2016-4332
* Fix CVE-2018-11202
* Fix CVE-2018-11205
* Fix CVE-2018-13866
* Fix CVE-2018-13867 and CVE-2018-13871
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Merges from develop/1.14
* Fix doxygen warnings
* Fix spelling
* Fix doxygen ref
* Add braces
* Fix format
* Remove unused file
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix for HDFFV-11052: h5debug fails on a corrupted file (h5_nrefs_POC) producing a core dump.
When h5debug closes the corrupted file, the library calls H5F__dest() which performs all the
closing operations for the file "f" (H5F_t *) but just keeping note of errors in "ret_value"
all the way till the end of the routine. The user-provided corrupted file has an illegal
file size causing failure when reading the image during the closing process.
At the end of this routine it sets f->shared to NULL and then frees "f".
This is done whether there is error or not in "ret_value".
Due to the failure in reading the file earlier, the routine then returns error.
The error return from H5F__dest() causes the file object "f" not being removed from the
ID node table. When the library finally exits, it will try to close the
file objects in the table. This causes assertion failure for f->file_id > 0.
Fix:
a) H5F_dest(): free the f only when there is no error in "ret_value" at the end of the routine.
b) H5F__close_cb(): if f->shared is NULL, free "f"; otherwise, perform closing on "f" as before.
c) h5debug.c main(): track error return from H5Fclose().
|
| |
|
| |
|
| |
|
|
|
|
| |
Verified with valgrind -v --tool=memcheck --leak-check=full h5dump POV-GH-2603
The several invalid reads shown originally are now gone.
|
|
|
|
| |
(#2679) (#2730)
|
|
|
|
| |
(#2727)
|
|
|
|
|
|
|
|
|
| |
Malformed hdf5 files may have trunkated content which does not match
the expected size. When this function attempts to decode these it may
read past the end of the allocated space leading to heap overflows
as bounds checking is incomplete.
Make sure each element is within bounds before reading.
This fixes CVE-2019-8396 / HDFFV-10712 / github bug #2209.
|
|
|
|
|
|
|
|
|
|
|
|
| |
As indicated in the description, memory leak is detected when running "./h5dump pov".
The problem is: when calling H5O__add_cont_msg() from H5O__chunk_deserialize(),
memory is allocated for cont_msg_info->msgs. Eventually, when the library tries to load
the continuation message via H5AC_protect() in H5O_protect(), error is
encountered due to illegal info in the continuation message.
Due to the error, H5O_protect() exits but the memory allocated for cont_msg_info->msgs is not freed.
When we figure out how to handle fuzzed files that we didn't generate,
a test needs to be added to run h5dump with the provided "pov" file.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Convert asserts to error handling in efl decode
The function that decodes external data files object header messages
would call assert() when parsing malformed files, causing applications
to crash when linked against the debug library.
This change converts these assert() calls to HDF5 error checks, so
the messages are sanity checked in both release and debug mode and
debug mode no longer crashes applications.
Also cleaned up some error handling usage and debug checks.
* Free memory on H5O efl decode errors
* Add buffer size checks to efl msg decode
* Add parentheses to math expressions
Fixes GitHub #2605
|
|
|
|
| |
(#2632) (#2668)
|
|
|
|
|
|
|
|
| |
* Update HDF5 version after 1.10.10 release.
Update so numbers to match 1.10.10 release so numbers.
Update HISTORY-1_10.txt.
Clean RELEASE.txt entries.
* Missed one version change.
|
|
|
|
|
|
| |
* Revert "1 10 revert 2615 (#2629)"
This reverts commit 43e4e64d886e9072a6075c6369e84c0e273fa44f.
|
|
|
| |
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
|
| |
|
|
|
| |
Unused in the library
|
|
|
|
|
|
|
|
|
| |
* Add missing items for hpc/scripts and release versions of extra
* Update examples project version
* Add VS2022 options to build scripts
* And VS2022 added to windefs comment
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add Developer build mode to CMake (#1659)
* Add Developer build mode to CMake
* Set a few CMake variables for Developer build modes
* Refactor enabling of debug and developer-level compile definitions
* Convert cache debugging macros to normal ifdef style
Normal ifdef-style instead of if-style allows build system to define macros
without warning about redefining macros with different values (0 vs. 1)
* Add HDF5 Developer compile definitions to testing files
* Temporarily disable -fanalyzer flag for GCC 12+ Developer builds
* Fix Java tests for Developer build modes (#2079)
* Minor adjustment of Developer build mode changes for 1.10 branch
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Normalize platform-independence code w/ develop
* Use C99 types and functions in lieu of C89 work-arounds
* Align key files with develop
- H5public.h
- H5private.h
- H5system.c
- H5win32defs.h
* Minor fixes elsewhere to support changes in above files
* Incidentally brings Fortran mod directory settings file change over
This does NOT change the configure/build files. Those will still do the
checks needed for the C89 work-around cruft until the perf and perform
code gets cleaned up.
* Add C++98 fixes
* Explicitly set -std=c++98 in Autotools
* Do not include cstdlib in H5public.h (requires C++11)
* Remove redundant stdbool.h include
* Fix alarm issues on Windows
* Bring parallel alarm() changes from develop
|
|
|
|
| |
Add HDF5_SRC_INCLUDE_DIRS variable
cleanup cmake comments and documentation
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This has not been used to debug the library in a very long time. Most
developers use valgrind, -fsanitize=address, or some other memory checker
instead of this library.
This removes:
* dmalloc.h include from H5private.h
* --with-dmalloc= Autotools configure option
* HDF5_ENABLE_USING_DMALLOC CMake option
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Elaborate how cd_values get stored (#2522)
* Enclose MESG in do...while loop (#2576)
Enclose MSG macro in a do...while loop
* Add a clang-format comment about permissions (#2577)
* Check for overflow when calculating on-disk attribute data size (#2459)
* Remove duplicate code
Signed-off-by: Egbert Eich <eich@suse.com>
* Add test case for CVE-2021-37501
Bogus sizes in this test case causes the on-disk data size
calculation in H5O__attr_decode() to overflow so that the
calculated size becomes 0. This causes the read to overflow
and h5dump to segfault.
This test case was crafted, the test file was not directly
generated by HDF5.
Test case from:
https://github.com/ST4RF4LL/Something_Found/blob/main/HDF5_v1.13.0_h5dump_heap_overflow.md
---------
Co-authored-by: Mark (he/his) C. Miller <miller86@llnl.gov>
Co-authored-by: glennsong09 <43005495+glennsong09@users.noreply.github.com>
Co-authored-by: Dana Robinson <43805+derobins@users.noreply.github.com>
Co-authored-by: Egbert Eich <eich@suse.com>
|
|
|
| |
PR #1925 from develop
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix new codespell issues (#2521)
* Fix new codespell issues
* Have codespell ignore ./config/sanitizer/sanitizers.cmake
* Fix typo in genparser
---------
Co-authored-by: Mark Kittisopikul <mkitti@users.noreply.github.com>
|
|
|
|
| |
(#2513)
|
|
|
| |
An extra { in an ifdef'd-out block caused bad indentation in H5C.c
|
|
|
|
|
|
|
|
|
| |
* Add new/moved files
* Doxy corrections
* Aother Doxy correction
* Remove type not in 1.10
|
|
|
| |
* Merege uthash version update from develop
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Backport H5Dchunk_iter to 1.10 branch
* Add some accessory files, test still needs work
* Apply proper formatting, and fix compile errors
* Remove const from H5D__chunk_iter as per #1700
* Align arg types of H5D_chunk_iter_op_t with H5Dget_chunk_info (#2074)
* Align arg types of H5D_chunk_iter_op_t with H5Dget_chunk_info
* Modify chunk_info test to for unsigned / hsize_t types
* Fix types in test
* Add test_basic_query, helper functions to test/chunk_info.c 1_10
* H5Dchunk_iter now passes offsets in units of dataset elements, fix #1419 (#1969)
* H5Dchunk_iter now passes chunk dimension scaled offsets, fix #1419
* Update docs for H5Dchunk_iter, H5Dget_chunk_info*
Modified description for `H5Dchunk_iter`, `H5Dget_chunk_info`, and `H5Dget_chunk_info_by_coord` to the following
* offset Logical position of the chunk’s first element in units of dataset elements
* filter_mask Bitmask indicating the filters used when the chunk was written
* size Chunk size in bytes, 0 if the chunk does not exist
* Fix regression of #1419
* Add a note about return fail in 1.12 and older for invalid chunk index
* Committing clang-format changes
* Run clang-format on test/chunk_info.c
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
|
|
|
|
|
| |
* Merge Merge CMake generated pkg-config file is incorrect #2259
* Fix spacing
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update CI and support files to match latest from 1.14
* Correct spelling
* More spelling corrections
* spelling fixes in testpar
* Fix spelling errors in tools
* More tools spelling fixes
* Spelling fixes for rest of tools and some src
* Fix spelling errors in src files, pt 2
* Fix spelling in src pt3
* Fix spelling errors pt4
* Fix spelling errors pt5
* Spelling fix pt6
* fix spelling error examples
* fix spelling in tests
* fix spelling errors in test pt2
* Fix spelling errors in test pt3
* fix spelling in test pt4
* Fix spelling errors in hl
* fix spelling errors in c++
* Spelling fixes for fortran
* spelling fixes for bin and java
* Add relative path
* Change spelling action to use a file for list of ignore words
* Fix spelling ignore list
* remove unused file
|
|
|
|
|
|
|
|
|
|
| |
(#2153) (#2278)
* Fix for HDFFV-10840: Instead of using fill->buf for datatype conversion
if it is large enough, a buffer is allocated regardless so that the element
in fill->buf can later be reclaimed.
Valgrind is run on test/set_extent.c and there is no memory leak.
* Add information of this fix to release notes.
|
| |
|
|
|
|
|
|
|
|
| |
szip (or libaec) is currently not tested in CI. This adds szip to the
the Autotools GitHub CI actions on Linux when building with the
Autotools.
This PR also cleans up a few warnings that remained in the szip-
related code so the -Werror check will pass.
|
| |
|
| |
|
| |
|