Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_decode #2679

Merged
merged 2 commits into from
Apr 11, 2023
Merged

Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_decode #2679

merged 2 commits into from
Apr 11, 2023

Conversation

jhendersonHDF
Copy link
Collaborator

No description provided.

@jhendersonHDF jhendersonHDF added Merge - To 1.12 Priority - 1. High 🔼 These are important issues that should be resolved in the next release Component - C Library Core C library issues (usually in the src directory) Type - Bug / Bugfix Please report security issues to [email protected] instead of creating an issue on GitHub labels Apr 6, 2023
@jhendersonHDF jhendersonHDF force-pushed the layout_space_decode_checks branch from 70c5d53 to c17ca84 Compare April 6, 2023 02:39
jhendersonHDF
jhendersonHDF commented Apr 6, 2023
View reviewed changes
src/H5private.h
/* Check if a read of size bytes starting at ptr would overflow past
* the last valid byte, pointed to by buffer_end.
*/
#define H5_IS_BUFFER_OVERFLOW(ptr, size, buffer_end) (((ptr) + (size)-1) > (buffer_end))
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Borrowing this until we determine final placement..

qkoziol
qkoziol approved these changes Apr 6, 2023
View reviewed changes
Copy link
Contributor

@qkoziol qkoziol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest H5E_NOSPACE -> H5E_OVERFLOW

@jhendersonHDF
Copy link
Collaborator Author

Suggest H5E_NOSPACE -> H5E_OVERFLOW

"Address overflowed" seems a bit awkward to me as well to describe the issue that occurred, but I don't have any strong opinion either way. I can change it.

@jhendersonHDF jhendersonHDF force-pushed the layout_space_decode_checks branch 2 times, most recently from 21b9dd7 to 47bb446 Compare April 7, 2023 20:22
mattjala
mattjala reviewed Apr 10, 2023
View reviewed changes
src/H5Olayout.c Outdated
@@ -164,29 +180,46 @@ H5O__layout_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNU
* size in the dataset code, where we've got the dataspace
* information available also. - QAK 5/26/04
*/
if (H5_IS_BUFFER_OVERFLOW(p, (ndims * sizeof(uint32_t)), p_end))
HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding")
p += ndims * 4; /* Skip over dimension sizes (32-bit quantities) */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this '4' be replaced with a size call to match the overflow check?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. Changed.

@jhendersonHDF jhendersonHDF force-pushed the layout_space_decode_checks branch from 47bb446 to df97bbc Compare April 11, 2023 02:45
@lrknox lrknox merged commit bc8fa3a into HDFGroup:develop Apr 11, 2023
@jhendersonHDF jhendersonHDF mentioned this pull request Apr 12, 2023
Merged
brtnfld pushed a commit to brtnfld/hdf5 that referenced this pull request Apr 13, 2023
@jhendersonHDF @lrknox @brtnfld
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
cd2ef31 
…de (HDFGroup#2679)

Co-authored-by: Larry Knox <[email protected]>
jhendersonHDF added a commit to jhendersonHDF/hdf5 that referenced this pull request Apr 13, 2023
@jhendersonHDF @lrknox
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
9fd2f20 
…de (HDFGroup#2679)

Co-authored-by: Larry Knox <[email protected]>
jhendersonHDF added a commit to jhendersonHDF/hdf5 that referenced this pull request Apr 13, 2023
@jhendersonHDF @lrknox
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
6ada17e 
…de (HDFGroup#2679)

Co-authored-by: Larry Knox <[email protected]>
jhendersonHDF added a commit to jhendersonHDF/hdf5 that referenced this pull request Apr 13, 2023
@jhendersonHDF @lrknox
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
fb18a4c 
…de (HDFGroup#2679)

Co-authored-by: Larry Knox <[email protected]>
This was referenced Apr 13, 2023
Merged
Merged
Merged
derobins pushed a commit that referenced this pull request Apr 15, 2023
@jhendersonHDF
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
ae202d3 
…de (#2679) (#2728)
derobins pushed a commit that referenced this pull request Apr 15, 2023
@jhendersonHDF
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
be02375 
…de (#2679) (#2729)
derobins pushed a commit that referenced this pull request Apr 15, 2023
@jhendersonHDF
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
68f6f16 
…de (#2679) (#2730)
byrnHDF pushed a commit to byrnHDF/hdf5 that referenced this pull request Apr 16, 2023
@jhendersonHDF @lrknox @byrnHDF
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
73814ca 
…de (HDFGroup#2679)

Co-authored-by: Larry Knox <[email protected]>
@jhendersonHDF jhendersonHDF deleted the layout_space_decode_checks branch April 17, 2023 20:02
brtnfld pushed a commit to brtnfld/hdf5 that referenced this pull request May 17, 2023
@jhendersonHDF @lrknox @brtnfld
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
60093b8 
…de (HDFGroup#2679)

Co-authored-by: Larry Knox <[email protected]>
brtnfld pushed a commit to brtnfld/hdf5 that referenced this pull request Oct 5, 2023
@jhendersonHDF @brtnfld
Add buffer overrun checks to H5O__layout_decode and H5O__sdspace_deco…
2de4dff 
…de (HDFGroup#2679) (HDFGroup#2729)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattjala mattjala mattjala left review comments

@qkoziol qkoziol qkoziol approved these changes

@lrknox lrknox lrknox approved these changes

@derobins derobins Awaiting requested review from derobins derobins is a code owner

@byrnHDF byrnHDF Awaiting requested review from byrnHDF byrnHDF is a code owner

@fortnern fortnern Awaiting requested review from fortnern fortnern is a code owner

@vchoi-hdfgroup vchoi-hdfgroup Awaiting requested review from vchoi-hdfgroup vchoi-hdfgroup is a code owner

@bmribler bmribler Awaiting requested review from bmribler bmribler is a code owner

@glennsong09 glennsong09 Awaiting requested review from glennsong09 glennsong09 is a code owner

@brtnfld brtnfld Awaiting requested review from brtnfld brtnfld is a code owner

Assignees
No one assigned
Labels
Component - C Library Core C library issues (usually in the src directory) Priority - 1. High 🔼 These are important issues that should be resolved in the next release Type - Bug / Bugfix Please report security issues to [email protected] instead of creating an issue on GitHub
Projects
Downstream HDF5 Merges
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jhendersonHDF @qkoziol @lrknox @mattjala