For Data Layout Messages version 1 & 2 the specification state
that the value stored in the data field is 1 greater than the
number of dimensions in the dataspace. For version 3 this is
not explicitly stated but the implementation suggests it to be
the case.
Thus the set value needs to be at least 2. For dimensionality
< 2 an out-of-bounds access occurs as in CVE-2021-45833.
This fixes CVE-2021-45833 / Bug #2240.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.com>
Co-authored-by: Larry Knox <lrknox@hdfgroup.org>
* Updated source file copyright headers to remove "Copyright by the Board of Trustees
of the University of Illinois", which is kept in the top-level COPYING file.
* Fixed HDFFV-10480 (CVE-2018-11206) and HDFFV-11159 (CVE-2018-14033)
Description
Checked against buffer size to prevent segfault, in case of data corruption.
+ HDFFV-11159 CVE-2018-14033 Buffer over-read in H5O_layout_decode
+ HDFFV-10480 CVE-2018-11206 Buffer over-read in H5O_fill_new[/old]_decode
Platforms tested:
Linux/64 (jelly)
* Accidentally left in another occurrence of the previous patch from user
after a more correct fix was applied, that is the check now accounted
for the previous advance of the buffer pointer. Removed it.
* Typo
* Fixed format issues.
* Added test.
* Changed arguments to ADD_H5_TEST
* Fixing arguments to ADD_H5_TEST again.
* Fixing arguments again.
* Took out the CMake changes until Allen can help.
* Added files:
tCVE_2018_11206_fill_old.h5
tCVE_2018_11206_fill_new.h5
* Revert "Took out the CMake changes until Allen can help."
This reverts commit c21324d6e0.
* Revert "Fixing arguments again."
This reverts commit 5832a70674.
* Revert "Fixing arguments to ADD_H5_TEST again."
This reverts commit b45de823c2.
* Revert "Changed arguments to ADD_H5_TEST"
This reverts commit 16719824f5.
* Added first argument to ADD_H5_TEST for HDFFV-10480 fix.
* Changed argument 0 to 1
* Revert "Changed argument 0 to 1"
This reverts commit b343d6613b.
* Revert "Added first argument to ADD_H5_TEST for HDFFV-10480 fix."
This reverts commit b8a0f9a9e8.
* Added first argument and corrected the second.
* Updated fixes for HDFFV-10480 and HDFFV-11159/HDFFV-11049
* Improved error messages.
* Modify temporary rpath for testing in java example scripts.
* Update URL in source file Copyright headers for web copy of COPYING
file - src and test directories.
reapplication to my new warnings branch, `warnings-again`. These
changes are included:
commit 915551b7bf64e777dd2007386ec77b1d117770da
Merge: 63858c2 a8892bb
Author: David Young <dyoung@hdfgroup.org>
Date: Mon Nov 25 17:39:49 2019 -0600
Merge remote-tracking branch 'hdf5/develop' into fprintf-experiment
commit a8892bb42d
Merge: 5c911d8f907b51
Author: David Young <dyoung@hdfgroup.org>
Date: Mon Nov 25 17:33:54 2019 -0600
Merge pull request #2055 in HDFFV/hdf5 from ~DYOUNG/vchoi_fork:add-werror-and-squash-some to develop
* commit 'f907b511d06612dafc7814a7c30f2f3d2b76d52b':
Oops, remove more C99 designated initializers for VS 2010 compatibility.
commit 63858c22e168acaec0af8ced6641f26102cc6bb0
Merge: 20ae787 5c911d8
Author: David Young <dyoung@hdfgroup.org>
Date: Mon Nov 25 17:04:42 2019 -0600
Merge remote-tracking branch 'hdf5/develop' into fprintf-experiment
commit 5c911d8baf
Merge: b8a567162208b0
Author: David Young <dyoung@hdfgroup.org>
Date: Mon Nov 25 16:58:27 2019 -0600
Merge pull request #2030 in HDFFV/hdf5 from ~DYOUNG/vchoi_fork:add-werror-and-squash-some to develop
* commit '62208b056a09c01855fbac7f75146be58ad6bfe5': (44 commits)
Add an #include to get a function declaration.
Don't use C99 designated initializers, they're not compatible with Visual Studio 2010.
Quiet some more maybe-uninitialized warnings---each is a false positive, *sigh*. This is more code that may not compile with VS2010, *sigh sigh*.
Always warn on maybe-uninitialized. -Wincompatible-pointer-types was not available until GCC 5, so enable it only if that's the GCC version we're using.
Only promote maybe-uninitialized warnings to errors on GCC 8. Even on GCC 8, there may be false positives at low optimization levels? I need to check.
Only use -Werror=cast-function-type with GCC 8 and later.
Put all of the -W options back into the order I found them in so that it's easier to compare old and new config/gnu-flags.
Add new source files to CMakeLists.txt.
Mention the -Werror= flags in libhdf5.settings.in.
free -> HDfree
Promote decleration-after-statement warnings to errors.
Quiet decleration-after-statement warnings.
Move a statement under some declarations since some vintages of Visual Studio don't like declarations after statements.
Document H5D__chunk_mem_xfree_wrapper().
Undo accidental test deletion.
Oops, delete a debug printf that snuck in here.
Undo my changes to the HD macros, hadn't really intended those to be on this branch....
Make errors of some more warnings. Move disabled warnings to DEVELOPER_WARNING_CFLAGS. Put just one warning option on a line, and sort some of the options.
Cast to the parameter type, H5VL_token_t *, instead of to unsigned char *.
Change hdset_reg_ref_t and H5R_ref_t from arrays of unsigned char to structs containing those arrays. Encapsulating the arrays in this way makes it easier to write and think about pointers to these types, casts to/from these types, etc.
...
commit 20ae7877e33931b95e8c3502b027d6c3fe94a11f
Merge: 46f8c61 edd5297
Author: David Young <dyoung@hdfgroup.org>
Date: Fri Nov 22 15:34:09 2019 -0600
Merge remote-tracking branch 'origin/add-werror-and-squash-some' into fprintf-experiment
commit 46f8c613d5117a8be5bc8385a072daa0b4262f06
Author: David Young <dyoung@hdfgroup.org>
Date: Fri Nov 22 15:29:00 2019 -0600
GCC really wants us to use `ll` to format `long long`, so try to make that work
before any other format modifier. Seems like we're not compiling the autoconf
test program with -Werror=format ? Probably should.
commit eee35b8ef3759c391327cd48a9b3c56b6f8abc99
Author: David Young <dyoung@hdfgroup.org>
Date: Fri Nov 22 15:28:05 2019 -0600
It's hard to know just how wide an HDoff_t will be, and I don't think POSIX or
C standards provide a PRI macro for it, so cast to intmax_t and format using
PRIdMAX.
commit 86eab12df7a89b546a38e99f8178dd2adbcb3433
Author: David Young <dyoung@hdfgroup.org>
Date: Fri Nov 22 15:26:25 2019 -0600
URemove some casts.se the right format string for the argument. Here and there
stop casting a printf argument.
commit f722f7cbecbaa99449941484b014426f62f1bed5
Merge: 58e3743 6d5ec83
Author: David Young <dyoung@hdfgroup.org>
Date: Fri Nov 22 14:44:16 2019 -0600
Merge branch 'add-werror-and-squash-some' into fprintf-experiment
commit 58e3743b7faa9836606ee91798fe80dfc0040da7
Author: David Young <dyoung@hdfgroup.org>
Date: Wed Nov 20 21:07:21 2019 -0600
Remove custom HDfprintf implementation, using the standard library's,
instead. Take a swipe at repairing fprintf format strings, mainly
replacing "%Hu" with "%" PRIuHSIZE, "%a" with "%" PRIuHADDR, "%Zu" with
"%zu".
Here and there remove an awkward cast of a printf argument to `long
long` and use PRI[doux]8, PRI[doux]32, or PRI[doux]64, instead.
Change occurrences of "%t" to "%s" and perform a suitable change of
argument, `cond` -> `cond ? "TRUE" : "FALSE"`.
Some occurrences of %Hu, %a, and %t remain, they just weren't flagged by
the compiler because of #ifdef'age.
commit d4366909293fa970c23512ac80e5d865d76cddbf
Author: David Young <dyoung@hdfgroup.org>
Date: Wed Nov 20 20:54:32 2019 -0600
Promote format-string warnigns to errors.
1) Check for valid object header version for a refcount messge
2) Check for invalid fill value size
3) Check for invalid dimension size in a layout message
4) Add --enable-error-stack option to h5stat
5) Add error checks to h5stat.c
6) Add tests to h5stat and h5dump
(2) Add two new options to h5repack for low and high bounds as in H5Pset_libver_bounds.
(3) Modify message pre_copy callbacks so that H5Ocopy can handle version bounds check.
(4) Add version bounds check for cache image feature.
* commit '54957d37f5aa73912763dbb6e308555e863c43f4':
Commit copyright header change for src/H5PLpkg.c which was added after running script to make changes.
Add new files in release_docs to MANIFEST. Cimmit changes to Makefile.in(s) and H5PL.c that resulted from running autogen.sh.
Merge pull request #407 in HDFFV/hdf5 from ~LRKNOX/hdf5_lrk:hdf5_1_10_1 to hdf5_1_10_1
Change copyright headers to replace url referring to file to be removed and replace it with new url for COPYING file.
Bring 'none' chunk index from revise_chunks branch to trunk.
Tested on:
MacOSX/64 10.11.4 (amazon) w/serial, parallel & production (w/check-vfd)
(h5committest forthcoming)
Bring "single" chunk index from revise_chunks branch to trunk.
Tested on:
MacOSX/64 10.11.4 (amazon) w/serial, parallel & production (w/check-vfd)
(h5committest forthcoming)
Bring support for earray and v2 B-trees from revise_chunks branch to
trunk.
Tested on:
MacOSX/64 10.11.4 (amazon) w/serial, parallel & production
(h5committest forthcoming)
- remove H5AC_ind_dxpl_id and use only H5AC_dxpl_id everywhere instead.
- remove flush_me_collectively flag from cache entries
- add a collective sanity check (MPI_Barrier) for every HDF5 API routine that could possibly touch the file. This is trigerred when the environment variable H5_COLL_API_SANITY_CHECK is set to a non 0 digit.
tested on BB-8 with serial and parallel.
Revisions to normalize revise chunks vs. trunk, plus push dataset metadata
changes into the cache immediately (instead of holding them within the dataset
data structures).
Tested on:
MacOSX/64 10.11.2 (amazon) w/serial & parallel
(h5committest not required on this branch)
Refactor property list code to "deep copy" properties in the correct way,
retraining the rest of the library to copy & release things correctly. This
cleans up another batch of memory leaks, etc. within the library.
Tested on:
MacOSX/64 10.10.5 (amazon) w/serial & parallel
Linux/32 2.6.x (jam) w/serial & parallel
(h5committest forthcoming)
Complete revamp of package initialization/shutdown mechanism in the library.
Each package now has a single init/term routine.
This new way should avoid packages being re-initialized during library
shutdown and is also be _much_ more proactive about giving feedback for
resource leaks internal to the library.
Introduces a new "module" header file for packages in the library
(e.g src/H5Fmodule.h) which sets up some necessary package configuration macros
for the FUNC_ENTER/LEAVE macros. (The VFL drivers have their own slightly
modified version of this header, src/H5FDdrvr_module.h)
Also cleaned up a bunch of resources leaks all across the library and tests,
along with addressing many warnings, as I encountered them.
Tested on:
MacOSX/64 10.10.5 (amazon) w/serial & parallel
Linux/64 3.10.x (kituo) w/serial & parallel
Linux/64 2.6.x (ostrich) w/serial
Fix handling of layout version number.
Other minor fixes/cleanup.
NOTE: This commit changes the file format for VDS, all files must be
re-generated.
Tested: ummon
Revert changes to pass file pointer to selection serialize/deserialize
routines. Also patch back in some changes that were merged out in the
previous merge w/trunk.
Tested on:
MacOSX/64 10.10.5 (amazon) w/serial
(h5committest not required on this branch)
Align w/vds branch: Change code in H5O_layout_copy() to use switch for
different types of dataset layouts.
Tested on:
MacOSX/64 10.10.5 (amazon) w/serial & parallel
(h5committest forthcoming)
Align w/vds branch: Whitespace cleanup, move common code for opening a
dataset into a new routine, misc. style cleanups.
Tested on:
MacOSX/64 10.10.5 (amazon) w/serial & parallel
(h5committest upcoming)
