This CVE issue was previously listed as fixed (via HDFFV-9950) back in
2016, but with no confirmation test. Now that test files exist for
the 2016 Talos CVE issues, we found that CVE-2016-4332 can raise an
assert in debug builds.
This fix replaces the assert with pointer checks that don't raise
errors or asserts. Since the function is in cleanup code, we do our
best to close and free things, even when presented with partially-
initialized structs.
Fixes CVE-2016-4332 and HDFFV-9950 (confirmed via the cve_hdf5 repo)
* Fix for the bug exposed from running test/set_extent.c when selection I/O is enabled.
This is a fix from Neil.
The test/set_extent.c is modified to test for selection I/O enabled.
* Fixed extra semi warning by adjusting alternative macro definitions
* Find-replace H5E_END_TRY; -> H5E_END_TRY
* Made H5Epush_goto a do-while loop, fixed indentation
* Made GOTOERROR and ERRMSG do-while loops
* Made Hgoto_error and Hgoto_done do-while loops
* Made vrfy_cint_type and vrfy_ctype do-while loops
* Made TEST_TYPE_CONTIG and others do-while loops
* Removed extraneous semi-colons
* Committing clang-format changes
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
A malformed file could result in chunk index memory leaks. Under most
conditions (i.e., when the --enable-using-memchecker option is NOT
used), this would result in a small memory leak and an infinite loop
and abort when shutting down the library. The infinite loop would be
due to the "free list" package not being able to clear its resources
so the library couldn't shut down. When the "using a memory checker"
option is used, the free lists are disabled so there is just a memory
leak with no abort on library shutdown.
The chunk index resources are now correctly cleaned up when reading
misparsed files and valgrind confirms no memory leaks.
* Update files to skip list and ignore_words_list for codespell to not
check files generated by autotools. Autotools generate misspellings
that can't be fixed in HDF5 code.
- If the HDF5 library has been built with either thread-safety or
subfiling VFD feature on, it will have an additional dependency
on a threading library. This dependency has been added to the
hdf-config.cmake.in file.
* removed the use of encoded single apostrophe, and fixed H5Dread_chunk from write to read
* updated sanitizer paragraph
* fixed brief description for H5Fget_info