From 367e4a393361418a318269a18118da62c1c4f565 Mon Sep 17 00:00:00 2001
From: glennsong09 <43005495+glennsong09@users.noreply.github.com>
Date: Tue, 11 Apr 2023 16:09:05 -0500
Subject: Clean up memory allocated when reading messages in H5Dlayout on error (#2602) (#2687)
---
 release_docs/RELEASE.txt | 10 ++++++++++
 src/H5Dlayout.c | 20 +++++++++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index 94f3eb3..c04ead5 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -151,6 +151,16 @@ Bug Fixes since HDF5-1.13.3 release
 ===================================
 Library
 -------
+ - Fixed memory leaks that could occur when reading a dataset from a
+ malformed file
+
+ When attempting to read layout, pline, and efl information for a
+ dataset, memory leaks could occur if attempting to read pline/efl
+ information threw an error, which is due to the memory that was
+ allocated for pline and efl not being properly cleaned up on error.
+
+ (GS - 2023/4/11 GH#2602)
+
 - Fixed potential heap buffer overrun in group info header decoding from malformed file
 H5O__ginfo_decode could sometimes read past allocated memory when parsing a group info message from the header of a malformed file.
diff --git a/src/H5Dlayout.c b/src/H5Dlayout.c
index 26bdc55..dd1d2b7 100644
--- a/src/H5Dlayout.c
+++ b/src/H5Dlayout.c
@@ -589,7 +589,9 @@ herr_t
 H5D__layout_oh_read(H5D_t *dataset, hid_t dapl_id, H5P_genplist_t *plist)
 {
 htri_t msg_exists; /* Whether a particular type of message exists */
+ hbool_t pline_copied = FALSE; /* Flag to indicate that dcpl_cache.pline's message was copied */
 hbool_t layout_copied = FALSE; /* Flag to indicate that layout message was copied */
+ hbool_t efl_copied = FALSE; /* Flag to indicate that the EFL message was copied */
 herr_t ret_value = SUCCEED; /* Return value */
 FUNC_ENTER_PACKAGE
@@ -605,7 +607,7 @@ H5D__layout_oh_read(H5D_t *dataset, hid_t dapl_id, H5P_genplist_t *plist)
 /* Retrieve the I/O pipeline message */
 if (NULL == H5O_msg_read(&(dataset->oloc), H5O_PLINE_ID, &dataset->shared->dcpl_cache.pline))
 HGOTO_ERROR(H5E_DATASET, H5E_CANTGET, FAIL, "can't retrieve message")
-
+ pline_copied = TRUE;
 /* Set the I/O pipeline info in the property list */
 if (H5P_set(plist, H5O_CRT_PIPELINE_NAME, &dataset->shared->dcpl_cache.pline) < 0)
 HGOTO_ERROR(H5E_DATASET, H5E_CANTSET, FAIL, "can't set pipeline")
@@ -628,6 +630,7 @@ H5D__layout_oh_read(H5D_t *dataset, hid_t dapl_id, H5P_genplist_t *plist)
 /* Retrieve the EFL message */
 if (NULL == H5O_msg_read(&(dataset->oloc), H5O_EFL_ID, &dataset->shared->dcpl_cache.efl))
 HGOTO_ERROR(H5E_DATASET, H5E_CANTGET, FAIL, "can't retrieve message")
+ efl_copied = TRUE;
 /* Set the EFL info in the property list */
 if (H5P_set(plist, H5D_CRT_EXT_FILE_LIST_NAME, &dataset->shared->dcpl_cache.efl) < 0)
@@ -659,10 +662,17 @@ H5D__layout_oh_read(H5D_t *dataset, hid_t dapl_id, H5P_genplist_t *plist)
 HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "unable to set chunk sizes")
 done:
- if (ret_value < 0 && layout_copied)
- if (H5O_msg_reset(H5O_LAYOUT_ID, &dataset->shared->layout) < 0)
- HDONE_ERROR(H5E_DATASET, H5E_CANTRESET, FAIL, "unable to reset layout info")
-
+ if (ret_value < 0) {
+ if (pline_copied)
+ if (H5O_msg_reset(H5O_PLINE_ID, &dataset->shared->dcpl_cache.pline) < 0)
+ HDONE_ERROR(H5E_DATASET, H5E_CANTRESET, FAIL, "unable to reset pipeline info")
+ if (layout_copied)
+ if (H5O_msg_reset(H5O_LAYOUT_ID, &dataset->shared->layout) < 0)
+ HDONE_ERROR(H5E_DATASET, H5E_CANTRESET, FAIL, "unable to reset layout info")
+ if (efl_copied)
+ if (H5O_msg_reset(H5O_EFL_ID, &dataset->shared->dcpl_cache.efl) < 0)
+ HDONE_ERROR(H5E_DATASET, H5E_CANTRESET, FAIL, "unable to reset efl message")
+ }
 FUNC_LEAVE_NOAPI(ret_value)
 } /* end H5D__layout_oh_read() */
--
cgit v0.12
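Review bot: `pline_copied = TRUE;` in the `-605,7` hunk is set only after `H5O_msg_read` has returned non-NULL, so the new cleanup does not cover a failure inside the read itself; whether `H5O_msg_read` leaves the caller-supplied `dcpl_cache.pline` untouched when it fails is not visible here and should be confirmed. The same applies to `efl_copied = TRUE;` in the `-628,6` hunk. The flag line also takes the place of the blank line before the "Set the I/O pipeline info" comment; a short comment such as `/* From here on, done: must reset dcpl_cache.pline on failure */` followed by a blank line would make the pairing with the cleanup explicit. The enclosing function starts and ends outside both hunks.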
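Review bot: Nothing in this commit exercises the new `done:` cleanup in the `-659,10` hunk (the diffstat lists only release_docs/RELEASE.txt and src/H5Dlayout.c), so the pline and EFL resets are untested on the malformed-file path the release note describes; a regression test that opens such a file under a leak checker would pin the fix. It is also worth confirming, outside this hunk, that the caller's own error handling does not release `dcpl_cache.pline` or `dcpl_cache.efl` a second time, or that `H5O_msg_reset` leaves them in a state where a repeated reset is harmless. The doubly nested unbraced `if`s could be flattened to `if (pline_copied && H5O_msg_reset(H5O_PLINE_ID, &dataset->shared->dcpl_cache.pline) < 0)`, and likewise for the layout and efl resets. The function body begins outside this hunk.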