HDFFV-10578 and HDFFV-10676

Description:
    HDFFV-10578 - CVE-2018-17234
        The file has some issue; however, there was a bug in h5dump that caused
        memory leaks after the problem in the file was encountered. The bug
        was that an if statement was missing in the function table_list_add()
        resulting in the memory not being freed at a later time.
        After the fix had been applied, there were no more leaks after h5dump
        detected the issue in the file and reported the error.

        In H5O__chunk_deserialize, replaced an assert with an if statement
        and reporting error, per Neil's recommendation

    HDFFV-10676 - CVE-2018-13873
        Also in H5O__chunk_deserialize, added an assertion to detect
        out of bound ids
Binh-Minh Ribler 2019-01-06 01:44:40 -06:00
parent 40c55f24ec
commit e1b59919bb
2 changed files with 8 additions and 4 deletions


@ -1390,7 +1390,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
/* Message size */
UINT16DECODE(chunk_image, mesg_size);
HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size));
if(mesg_size != H5O_ALIGN_OH(oh, mesg_size))
HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned")
/* Message flags */
flags = *chunk_image++;
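
Review bot: the new check on mesg_size in H5O__chunk_deserialize validates alignment only, and nothing visible in this hunk compares mesg_size with the bytes remaining in the chunk image before decoding continues with the flags byte. If that length check does not already exist further down, add it beside this one so that an aligned but oversized value read from the file also fails with H5E_CANTLOAD. A short comment saying that mesg_size comes straight from the file, and so needs a runtime check rather than an assert, would keep the next editor from turning it back into HDassert.
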
@ -1402,6 +1403,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN))
HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
HDassert(id < NELMTS(H5O_msg_class_g));
if((flags & H5O_MSG_FLAG_SHAREABLE)
&& H5O_msg_class_g[id]
&& !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE))
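
Review bot: HDassert(id < NELMTS(H5O_msg_class_g)) does not protect the H5O_msg_class_g[id] lookup two lines below it in production builds, because the assertion is compiled out when NDEBUG is defined and id is decoded from the file. The first hunk of this same commit replaces an assert on file data with an if and HGOTO_ERROR for exactly that reason; do the same here, for example if(id >= NELMTS(H5O_msg_class_g)) followed by HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, ...) with a message naming the bad id, unless id is already range-checked above the lines shown, in which case a comment pointing to that check would help.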


@ -407,9 +407,10 @@ table_list_add(hid_t oid, unsigned long file_no)
}
if(init_objs(oid, &info, &table_list.tables[idx].group_table,
&table_list.tables[idx].dset_table, &table_list.tables[idx].type_table) < 0) {
H5Idec_ref(oid);
table_list.nused--;
return -1;
if (H5Idec_ref(oid) < 0) {
table_list.nused--;
return -1;
}
}
#ifdef H5DUMP_DEBUG
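
Review bot: in table_list_add(), a failing init_objs() now returns -1 only when H5Idec_ref(oid) also fails; when H5Idec_ref succeeds, control falls out of the block and the function carries on as if the tables at idx had been initialised, with table_list.nused still counting that entry. The commit message says this is what lets the memory be freed later, but the caller no longer learns that init_objs failed, and the entry's oid has just had its reference dropped. Either add a comment stating why the entry is deliberately kept and that later cleanup tolerates partially initialised tables, or free the entry here and keep returning -1 on init_objs failure.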