From d767e6a067aacee0d33a51d5c584d6676afc3df9 Mon Sep 17 00:00:00 2001
From: Dana Robinson <derobins@hdfgroup.org>
Date: Tue, 18 Jun 2019 11:42:53 -0700
Subject: Fixed a bug in the links code where iterating over an empty group
 would pass a NULL pointer to qsort(3), which is undefined behavior.

Fixes HDFFV-10829
---
 release_docs/RELEASE.txt | 12 ++++++++++++
 src/H5Glink.c            | 16 +++++++++++-----
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 78118b8..fc236bb 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -375,6 +375,18 @@ Bug Fixes since HDF5-1.10.3 release
 
       (JTH - 2018/08/25, HDFFV-10501)
 
+    - When iterating over an old-style group (i.e., when not using the latest
+      file format) of size 0, a NULL pointer representing the empty links
+      table would be sent to qsort(3) for sorting, which is undefined behavior.
+
+      Iterating over an empty group is explicitly tested in the links test.
+      This has not caused any failures to date and was flagged by gcc's
+      -fsanitize=undefined.
+
+      The library no longer attempts to sort an empty array.
+
+      (DER - 2019/06/18, HDFFV-10829)
+
     Java Library:
     ----------------
     - JNI native library dependencies
diff --git a/src/H5Glink.c b/src/H5Glink.c
index 82a2dcf..89f0266 100644
--- a/src/H5Glink.c
+++ b/src/H5Glink.c
@@ -402,15 +402,14 @@ done:
 
 
 /*-------------------------------------------------------------------------
- * Function:	H5G__link_sort_table
+ * Function:    H5G__link_sort_table
  *
  * Purpose:     Sort table containing a list of links for a group
  *
- * Return:	Success:        Non-negative
- *		Failure:	Negative
+ * Return:      SUCCEED/FAIL
  *
- * Programmer:	Quincey Koziol
- *	        Nov 20, 2006
+ * Programmer:  Quincey Koziol
+ *              Nov 20, 2006
  *
  *-------------------------------------------------------------------------
  */
@@ -423,6 +422,13 @@ H5G__link_sort_table(H5G_link_table_t *ltable, H5_index_t idx_type,
     /* Sanity check */
     HDassert(ltable);
 
+    /* Can't sort when empty since the links table will be NULL */
+    if(0 == ltable->nlinks)
+        return SUCCEED;
+
+    /* This should never be NULL if the number of links is non-zero */
+    HDassert(ltable->lnks);
+
     /* Pick appropriate sorting routine */
     if(idx_type == H5_INDEX_NAME) {
         if(order == H5_ITER_INC)
-- 
cgit v0.12