Fixed allocation-size-too-big error in H5MM.c (#5076)

A decoded length appeared to be corrupted and had a very large value.
This PR added a check to detect such potential data corruption.
bmribler 2025-01-25 19:54:09 -05:00 committed by GitHub
parent 1f62484a93
commit 99aac48336


@ -933,17 +933,18 @@ H5C__verify_len_eoa(H5F_t *f, const H5C_class_t *type, haddr_t addr, size_t *len
if (H5_addr_gt(addr, eoa))
HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "address of object past end of allocation");
/* Check if the amount of data to read will be past the EOA */
if (H5_addr_gt((addr + *len), eoa)) {
/* Check if the amount of data to read will be past the EOA, or wraps around */
if (H5_addr_lt((addr + *len), addr) || H5_addr_gt((addr + *len), eoa)) {
if (actual)
HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "actual len exceeds EOA");
else
else {
/* Trim down the length of the metadata */
*len = (size_t)(eoa - addr);
} /* end if */
if (*len <= 0)
HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "len not positive after adjustment for EOA");
if (*len <= 0)
HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "len not positive after adjustment for EOA");
} /* end else */
} /* end if */
done:
FUNC_LEAVE_NOAPI(ret_value)
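Review bot: The new wrap-around test in `if (H5_addr_lt((addr + *len), addr) || H5_addr_gt((addr + *len), eoa))` still forms `addr + *len` before validating it, so its outcome depends on how the address macros treat the sum. If `H5_addr_lt` and `H5_addr_gt` return false whenever an operand equals `HADDR_UNDEF` (their definitions are not in this hunk, so confirm), a corrupted length that makes the sum land exactly on that value passes both comparisons and leaves `*len` untrimmed. Since the preceding check has already rejected `addr > eoa`, comparing the length with the remaining space avoids the addition altogether: `if ((haddr_t)*len > (eoa - addr)) {`. The function body starts above the hunk, so whether `eoa` is verified as a defined address before this point cannot be seen here.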