From 7a4d7da14a745333c4e8f3955a0afd9db70969c0 Mon Sep 17 00:00:00 2001 From: Binh-Minh Ribler Date: Tue, 26 May 2020 15:39:39 -0500 Subject: Fix HDFFV-11053 Description: A superblock pointer was set to a temporary structure, as a kluge, and meant to be reset back to NULL after the processing was completed. However, in the case of failure before the completion, this setting caused the superblock pointer to be unpinned twice in the error recovery process. As a result, that generated a segfault in h5clear. The fix resets the superblock pointer to NULL after H5F__super_ext_remove_msg fails so that h5clear can fail properly. Note: After the fix, when built in debug mode, there will be an assertion failure with the user's file, which appeared to be corrupted: H5MM_final_sanity_check: Assertion `0 == H5MM_curr_alloc_bytes_s' failed. This did not happen on a good file or on the corrupted file with the library built in production mode. The un-freed memory were allocated during error recovery. Platforms tested: Linux/64 (jelly) --- src/H5Fsuper.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/H5Fsuper.c b/src/H5Fsuper.c index e5d4cde..40e93ec 100644 --- a/src/H5Fsuper.c +++ b/src/H5Fsuper.c @@ -897,7 +897,11 @@ H5F__super_read(H5F_t *f, H5P_genplist_t *fa_plist, hbool_t initial_read) } else { if(H5F__super_ext_remove_msg(f, H5O_FSINFO_ID) < 0) + { + f->shared->sblock = NULL; + HGOTO_ERROR(H5E_FILE, H5E_CANTDELETE, FAIL, "error in removing message from superblock extension") + } if(H5F__super_ext_write_msg(f, H5O_FSINFO_ID, &fsinfo, TRUE, H5O_MSG_FLAG_MARK_IF_UNKNOWN) < 0) HGOTO_ERROR(H5E_FILE, H5E_WRITEERROR, FAIL, "error in writing fsinfo message to superblock extension") -- cgit v0.12