02d03b4624
Description:
HDFFV-10586 CVE-2018-17434 Divide by zero in h5repack_filters
Added a check for zero value
HDFFV-10588 CVE-2018-17437 Memory leak in H5O_dtype_decode_helper
This is actually an Invalid read issue. It was found that the
attribute name length in an attribute message was corrupted,
which caused the buffer pointer to be advanced too far and later
caused an invalid read.
Added a check to detect attribute name and its length mismatch. The
fix does not cover all cases, but it'll reduce the chance of this issue
when a name length is corrupted or the attribute name is corrupted.
HDFFV-10684 H5Ewalk does not stop until all errors in the stack are visited
The test for HDFFV-10588 has revealed a bug in H5Ewalk.
H5Ewalk did not stop midway even when the call back function returns
H5_ITER_STOP. This is because a condition is missing from the for
loops in H5E__walk causing the callback functions unable to stop until
all the errors in the stack are iterated. Quincey advised on the final
fix. In this fix, "status" is switched to "ret_value" and HGOTO_ERROR
to HERROR, and the for loops won't continue when "ret_value" is not 0.
Platforms tested:
Linux/64 (jelly)
Linux/64 (platypus)
Darwin (osx1011test)
HDF5 version 1.10.5-snap1 currently under development
------------------------------------------------------------------------------
Please refer to the release_docs/INSTALL file for installation instructions.
------------------------------------------------------------------------------
THE HDF GROUP
---------------
The HDF Group is the developer of HDF5®, a high-performance software library and
data format that has been adopted across multiple industries and has become a
de facto standard in scientific and research communities.
More information about The HDF Group, the HDF5 Community and the HDF5 software
project, tools and services can be found at the Group's website.
https://www.hdfgroup.org/
DOCUMENTATION
-------------
This release is fully functional for the API described in the documentation.
https://portal.hdfgroup.org/display/HDF5/The+HDF5+API
Full Documentation and Programming Resources for this release can be found at
https://portal.hdfgroup.org/display/HDF5
See the RELEASE.txt file in the release_docs/ directory for information specific
to the features and updates included in this release of the library.
Several more files are located within the release_docs/ directory with specific
details for several common platforms and configurations.
INSTALL - Start Here. General instructions for compiling and installing the library
INSTALL_CMAKE - instructions for building with CMake (Kitware.com)
INSTALL_parallel - instructions for building and configuring Parallel HDF5
INSTALL_Windows and INSTALL_Cygwin - MS Windows installations.
HELP AND SUPPORT
----------------
Information regarding Help Desk and Support services is available at
https://portal.hdfgroup.org/display/support/The+HDF+Help+Desk
FORUM and NEWS
--------------
The following public forums are provided for public announcements and discussions
of interest to the general HDF5 Community.
Homepage of the Forum
https://forum.hdfgroup.org
News and Announcement
https://forum.hdfgroup.org/c/news-and-announcements-from-the-hdf-group
HDF5 and HDF4 Topics
https://forum.hdfgroup.org/c/hdf5
These forums are provided as an open and public service for searching and reading.
Posting requires completing a simple registration and allows one to join in the
conversation. Please read the following instructions pertaining to the Forum's
use and configuration
https://forum.hdfgroup.org/t/quickstart-guide-welcome-to-the-new-hdf-forum
SNAPSHOTS, PREVIOUS RELEASES AND SOURCE CODE
--------------------------------------------
Periodically development code snapshots are provided at the following URL:
https://gamma.hdfgroup.org/ftp/pub/outgoing/hdf5/snapshots/
Source packages for current and previous releases are located at:
https://portal.hdfgroup.org/display/support/Downloads
Development code is available at our BitBucket Server:
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse