From 81b1ed4e1724b8a6a731ab2b8fb03234a8b49d15 Mon Sep 17 00:00:00 2001
From: Vailin Choi
Date: Fri, 13 Mar 2020 11:22:22 -0500
Subject: Fix issues when deserializing point/all/none selection with version beyond the library's supported version: (1) Verify the decoded version before proceeding further with deserialization (2) Close the dataspace if errors occurred after opening the dataspace
---
 src/H5Rint.c | 8 +++++++-
 src/H5Sall.c | 3 +++
 src/H5Snone.c | 3 +++
 src/H5Spkg.h | 11 +++++++----
 src/H5Spoint.c | 3 +++
 5 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/H5Rint.c b/src/H5Rint.c
index 1df8a20..30f3dbb 100644
--- a/src/H5Rint.c
+++ b/src/H5Rint.c
@@ -1768,6 +1768,7 @@ H5R__decode_token_region_compat(H5F_t *f, const unsigned char *buf,
 H5O_token_t token = { 0 };
 size_t data_size;
 const uint8_t *p;
+ H5S_t *space = NULL;
 herr_t ret_value = SUCCEED;
 FUNC_ENTER_PACKAGE
@@ -1788,7 +1789,6 @@ H5R__decode_token_region_compat(H5F_t *f, const unsigned char *buf,
 if(space_ptr) {
 H5O_loc_t oloc; /* Object location */
- H5S_t *space = NULL;
 /* Initialize the object location */
 H5O_loc_reset(&oloc);
@@ -1812,6 +1812,12 @@ H5R__decode_token_region_compat(H5F_t *f, const unsigned char *buf,
 done:
 H5MM_free(data);
+
+ if(ret_value < 0) {
+ if(space && H5S_close(space) < 0)
+ HDONE_ERROR(H5E_DATASET, H5E_CLOSEERROR, FAIL, "unable to release dataspace")
+ }
+
 FUNC_LEAVE_NOAPI(ret_value)
 } /* end H5R__decode_token_region_compat() */
diff --git a/src/H5Sall.c b/src/H5Sall.c
index 4a4245d..77fb582 100644
--- a/src/H5Sall.c
+++ b/src/H5Sall.c
@@ -690,6 +690,9 @@ H5S__all_deserialize(H5S_t **space, const uint8_t **p)
 /* Decode version */
 UINT32DECODE(*p, version);
+ if(version < H5S_ALL_VERSION_1 || version > H5S_ALL_VERSION_LATEST)
+ HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "bad version number for all selection")
+
 /* Skip over the remainder of the header */
 *p += 8;
diff --git a/src/H5Snone.c b/src/H5Snone.c
index 0949b2a..630d1d5 100644
--- a/src/H5Snone.c
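Review bot: The cleanup added under `done:` in H5R__decode_token_region_compat (third H5Rint.c hunk) closes `space` on every failure, which is safe only if `*space_ptr` is never assigned before a later step can still fail; otherwise the caller keeps a pointer to a dataspace that has just been released. The assignment lies between the second and third hunks and is not shown, so this should be confirmed and pinned with a comment such as `/* On failure release the dataspace opened above; *space_ptr is set only on the success path */`. Separately, `HDONE_ERROR(H5E_DATASET, H5E_CLOSEERROR, ...)` files a dataspace close failure under the dataset class, while the deserializers touched by this commit report under `H5E_DATASPACE`; using the same class here would keep the error stack consistent.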
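Review bot: The new version check in H5S__all_deserialize runs only after `UINT32DECODE(*p, version)` has already read four bytes, and the function receives `const uint8_t **p` with no length, so neither that read nor the following `*p += 8` is bounded by the size of the encoded buffer. Rejecting an unsupported version closes one path for malformed input, but a truncated selection can still be read past its end unless the callers check the size first, which is not visible in this patch. The same applies to the hunks in H5S__none_deserialize and H5S__point_deserialize. Passing the remaining byte count (or an end pointer) into these routines and failing with `H5E_BADVALUE` when fewer than the header bytes remain would cover it; that is an interface change beyond this hunk, and the function body continues outside it.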
+++ b/src/H5Snone.c
@@ -648,6 +648,9 @@ H5S__none_deserialize(H5S_t **space, const uint8_t **p)
 /* Decode version */
 UINT32DECODE(*p, version);
+ if(version < H5S_NONE_VERSION_1 || version > H5S_NONE_VERSION_LATEST)
+ HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "bad version number for none selection")
+
 /* Skip over the remainder of the header */
 *p += 8;
diff --git a/src/H5Spkg.h b/src/H5Spkg.h
index e139bce..da2dd4a 100644
--- a/src/H5Spkg.h
+++ b/src/H5Spkg.h
@@ -47,14 +47,17 @@
 #define H5S_HYPER_VERSION_LATEST H5S_HYPER_VERSION_3
 /* Versions for H5S_SEL_POINTS selection info */
-#define H5S_POINT_VERSION_1 1
-#define H5S_POINT_VERSION_2 2
+#define H5S_POINT_VERSION_1 1
+#define H5S_POINT_VERSION_2 2
+#define H5S_POINT_VERSION_LATEST H5S_POINT_VERSION_2
 /* Versions for H5S_SEL_NONE selection info */
-#define H5S_NONE_VERSION_1 1
+#define H5S_NONE_VERSION_1 1
+#define H5S_NONE_VERSION_LATEST H5S_NONE_VERSION_1
 /* Versions for H5S_SEL_ALL selection info */
-#define H5S_ALL_VERSION_1 1
+#define H5S_ALL_VERSION_1 1
+#define H5S_ALL_VERSION_LATEST H5S_ALL_VERSION_1
 /* Encoded size of selection info for H5S_SEL_POINTS/H5S_SEL_HYPER */
 #define H5S_SELECT_INFO_ENC_SIZE_2 0x02 /* 2 bytes: 16 bits */
diff --git a/src/H5Spoint.c b/src/H5Spoint.c
index 721211e..6948125 100644
--- a/src/H5Spoint.c
+++ b/src/H5Spoint.c
@@ -1413,6 +1413,9 @@ H5S__point_deserialize(H5S_t **space, const uint8_t **p)
 /* Decode version */
 UINT32DECODE(pp, version);
+ if(version < H5S_POINT_VERSION_1 || version > H5S_POINT_VERSION_LATEST)
+ HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "bad version number for point selection")
+
 if(version >= (uint32_t)H5S_POINT_VERSION_2)
 /* Decode size of point info */
 enc_size = *(pp)++;
-- 
cgit v0.12
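Review bot: On the new failure path in H5S__none_deserialize the caller's cursor has already moved, because `UINT32DECODE(*p, version)` advances `*p` before the check rejects the version; the H5S__all_deserialize hunk behaves the same way. H5S__point_deserialize decodes through a local `pp` instead, so it presumably leaves `*p` untouched on error, although where `pp` is stored back is outside its hunk. If any caller can continue after a failed decode, the three routines should agree: decode through a local copy and write it back to `*p` only on success. If the cursor is meant to be indeterminate after a failure, a one-line comment above the check saying so would be enough, e.g. `/* *p is not restored on failure */`.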
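Review bot: The three new `*_VERSION_LATEST` macros in H5Spkg.h carry no comment saying that they are now an acceptance limit, since the deserializers changed in this commit reject any encoded version above them. A later change that adds a new point, none or all version without moving the matching `_LATEST` define would make the library refuse selections it has just written. A comment above each group would record the coupling, for example `/* Highest version the deserializer accepts; update when a new version is added */`.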