mirror of
https://github.com/HDFGroup/hdf5.git
synced 2024-11-27 02:10:55 +08:00
dafc7285bb
* Fixed HDFFV-10480 (CVE-2018-11206) and HDFFV-11159 (CVE-2018-14033)
Description
Checked against buffer size to prevent segfault, in case of data corruption.
+ HDFFV-11159 CVE-2018-14033 Buffer over-read in H5O_layout_decode
+ HDFFV-10480 CVE-2018-11206 Buffer over-read in H5O_fill_new[/old]_decode
Platforms tested:
Linux/64 (jelly)
* Accidentally left in another occurrence of the previous patch from user
after a more correct fix was applied, that is the check now accounted
for the previous advance of the buffer pointer. Removed it.
* Typo
* Fixed format issues.
* Added test.
* Changed arguments to ADD_H5_TEST
* Fixing arguments to ADD_H5_TEST again.
* Fixing arguments again.
* Took out the CMake changes until Allen can help.
* Added files:
tCVE_2018_11206_fill_old.h5
tCVE_2018_11206_fill_new.h5
* Revert "Took out the CMake changes until Allen can help."
This reverts commit c21324d6e0.
* Revert "Fixing arguments again."
This reverts commit 5832a70674.
* Revert "Fixing arguments to ADD_H5_TEST again."
This reverts commit b45de823c2.
* Revert "Changed arguments to ADD_H5_TEST"
This reverts commit 16719824f5.
* Added first argument to ADD_H5_TEST for HDFFV-10480 fix.
* Changed argument 0 to 1
* Revert "Changed argument 0 to 1"
This reverts commit b343d6613b.
* Revert "Added first argument to ADD_H5_TEST for HDFFV-10480 fix."
This reverts commit b8a0f9a9e8.
* Added first argument and corrected the second.
* Updated fixes for HDFFV-10480 and HDFFV-11159/HDFFV-11049
* Improved error messages.
1.7 KiB
1.7 KiB