From 298d7218d5cfbc43b33167e5edf2549c5a9bd839 Mon Sep 17 00:00:00 2001
From: glennsong09 <43005495+glennsong09@users.noreply.github.com>
Date: Mon, 17 Apr 2023 21:10:15 -0500
Subject: Clean up memory allocated when reading messages in H5Dlayout on error (#2769)
---
 release_docs/RELEASE.txt | 8 ++++++++
 src/H5Dlayout.c | 19 +++++++++++++++----
 2 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index b3b9f75..969f959 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -148,6 +148,14 @@ Bug Fixes since HDF5-1.14.0 release
 ===================================
 Library
 -------
+ - Fixed memory leaks that could occur when reading a dataset from a malformed
+ file
+
+ When attempting to read layout, pline, and efl information for a dataset,
+ memory leaks could occur if attempting to read pline/efl information threw
+ an error, which is due to memory being allocated for pline and efl not being
+ properly cleaned up on error.
+
 - Fixed potential buffer overrun issues in some object header decode routines
 Several checks were added to H5O__layout_decode and H5O__sdspace_decode to
diff --git a/src/H5Dlayout.c b/src/H5Dlayout.c
index 8a10a37..08766dd 100644
--- a/src/H5Dlayout.c
+++ b/src/H5Dlayout.c
@@ -587,7 +587,9 @@ herr_t
 H5D__layout_oh_read(H5D_t *dataset, hid_t dapl_id, H5P_genplist_t *plist)
 {
 htri_t msg_exists; /* Whether a particular type of message exists */
+ hbool_t pline_copied = FALSE; /* Flag to indicate that pline's message was copied */
 hbool_t layout_copied = FALSE; /* Flag to indicate that layout message was copied */
+ hbool_t efl_copied = FALSE; /* Flag to indicate that efl message was copied */
 herr_t ret_value = SUCCEED; /* Return value */
 FUNC_ENTER_PACKAGE
@@ -603,6 +605,7 @@ H5D__layout_oh_read(H5D_t *dataset, hid_t dapl_id, H5P_genplist_t *plist)
 /* Retrieve the I/O pipeline message */
 if (NULL == H5O_msg_read(&(dataset->oloc), H5O_PLINE_ID, &dataset->shared->dcpl_cache.pline))
 HGOTO_ERROR(H5E_DATASET, H5E_CANTGET, FAIL, "can't retrieve message")
+ pline_copied = TRUE;
 /* Set the I/O pipeline info in the property list */
 if (H5P_set(plist, H5O_CRT_PIPELINE_NAME, &dataset->shared->dcpl_cache.pline) < 0)
@@ -626,6 +629,7 @@ H5D__layout_oh_read(H5D_t *dataset, hid_t dapl_id, H5P_genplist_t *plist)
 /* Retrieve the EFL message */
 if (NULL == H5O_msg_read(&(dataset->oloc), H5O_EFL_ID, &dataset->shared->dcpl_cache.efl))
 HGOTO_ERROR(H5E_DATASET, H5E_CANTGET, FAIL, "can't retrieve message")
+ efl_copied = TRUE;
 /* Set the EFL info in the property list */
 if (H5P_set(plist, H5D_CRT_EXT_FILE_LIST_NAME, &dataset->shared->dcpl_cache.efl) < 0)
@@ -657,10 +661,17 @@ H5D__layout_oh_read(H5D_t *dataset, hid_t dapl_id, H5P_genplist_t *plist)
 HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "unable to set chunk sizes")
 done:
- if (ret_value < 0 && layout_copied)
- if (H5O_msg_reset(H5O_LAYOUT_ID, &dataset->shared->layout) < 0)
- HDONE_ERROR(H5E_DATASET, H5E_CANTRESET, FAIL, "unable to reset layout info")
-
+ if (ret_value < 0) {
+ if (pline_copied)
+ if (H5O_msg_reset(H5O_PLINE_ID, &dataset->shared->dcpl_cache.pline) < 0)
+ HDONE_ERROR(H5E_DATASET, H5E_CANTRESET, FAIL, "unable to reset pipeline info")
+ if (layout_copied)
+ if (H5O_msg_reset(H5O_LAYOUT_ID, &dataset->shared->layout) < 0)
+ HDONE_ERROR(H5E_DATASET, H5E_CANTRESET, FAIL, "unable to reset layout info")
+ if (efl_copied)
+ if (H5O_msg_reset(H5O_EFL_ID, &dataset->shared->dcpl_cache.efl) < 0)
+ HDONE_ERROR(H5E_DATASET, H5E_CANTRESET, FAIL, "unable to reset efl message")
+ }
 FUNC_LEAVE_NOAPI(ret_value)
 } /* end H5D__layout_oh_read() */
-- cgit v0.12
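Review bot: After `pline_copied = TRUE;` (and `efl_copied = TRUE;` in the `@@ -626` hunk) the next statement passes the same `dcpl_cache` struct to `H5P_set`, and the new error path later resets that struct, so the cleanup is only safe if the property list keeps its own deep copy rather than pointers into the cache. That is not visible in this diff and should be confirmed, since otherwise a later failure on a malformed file could leave the property list referring to released memory. The flags also only cover failures after `H5O_msg_read` has returned non-NULL; presumably a failed read releases whatever it allocated itself. A short comment at each assignment would record the ownership rule, e.g. `/* cache now owns the decoded message; reset in done: on failure */`. The enclosing function starts and ends outside both hunks.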
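Review bot: In the rewritten `done:` block each `H5O_msg_reset` call sits inside two unbraced `if`s with the `HDONE_ERROR` macro as the innermost statement, so the control flow depends on how that macro expands; folding each pair into one test, e.g. `if (pline_copied && H5O_msg_reset(H5O_PLINE_ID, &dataset->shared->dcpl_cache.pline) < 0)`, or bracing the inner `if`s to match the new outer `if (ret_value < 0) {`, would remove that dependency. The third message reads "unable to reset efl message" while the other two end in "info", which makes the error stack harder to search. Because this path runs on files that failed to parse, it is also worth confirming that `H5O_msg_reset` leaves each struct in a state that any later cleanup by the caller can release again without a double free; that cannot be checked from this hunk.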