From 4b9ca8e1f62c36b8ab5eb803b72df2b0b6fed548 Mon Sep 17 00:00:00 2001
From: David Young <dyoung@hdfgroup.org>
Date: Tue, 23 Nov 2021 08:05:01 -0600
Subject: Avoid calling H5Ropen_object with a misaligned H5R_ref_t: copy the
 (#1171)

* Avoid calling H5Ropen_object with a misaligned H5R_ref_t: copy the
raw H5R_ref_t bytes to a heap buffer that's known to have the right
alignment.

* Committing clang-format changes

* Use an automatic H5R_ref_t instead of malloc'ing one.  Go ahead and
initialize the H5R_ref_t to all-0s so that arbitrary stack content
doesn't foul things up.  Bail out with an error if `size` exceeds
`sizeof(H5R_ref_t)`.

* Committing clang-format changes

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
---
 tools/lib/h5tools.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/tools/lib/h5tools.c b/tools/lib/h5tools.c
index 4de2c5c..db8df16 100644
--- a/tools/lib/h5tools.c
+++ b/tools/lib/h5tools.c
@@ -1890,15 +1890,21 @@ render_bin_output(FILE *stream, hid_t container, hid_t tid, void *_mem, hsize_t
                     hid_t        region_id    = H5I_INVALID_HID;
                     hid_t        region_space = H5I_INVALID_HID;
                     H5S_sel_type region_type;
+                    H5R_ref_t    tref;
+
+                    if (size > sizeof(tref))
+                        H5TOOLS_THROW((-1), "unexpectedly large ref");
+
+                    HDmemset(&tref, 0, sizeof(tref));
 
                     for (block_index = 0; block_index < block_nelmts; block_index++) {
                         mem = ((unsigned char *)_mem) + block_index * size;
-                        if ((region_id = H5Ropen_object((H5R_ref_t *)mem, H5P_DEFAULT, H5P_DEFAULT)) < 0)
+                        HDmemcpy(&tref, mem, size);
+                        if ((region_id = H5Ropen_object(&tref, H5P_DEFAULT, H5P_DEFAULT)) < 0)
                             H5TOOLS_INFO("H5Ropen_object H5T_STD_REF failed");
                         else {
-                            if ((region_space = H5Ropen_region((H5R_ref_t *)mem, H5P_DEFAULT, H5P_DEFAULT)) >=
-                                0) {
-                                if (!h5tools_is_zero(mem, H5Tget_size(H5T_STD_REF))) {
+                            if ((region_space = H5Ropen_region(&tref, H5P_DEFAULT, H5P_DEFAULT)) >= 0) {
+                                if (!h5tools_is_zero(&tref, H5Tget_size(H5T_STD_REF))) {
                                     region_type = H5Sget_select_type(region_space);
                                     if (region_type == H5S_SEL_POINTS)
                                         render_bin_output_region_points(region_space, region_id, stream,
-- 
cgit v0.12