Commits
Binh-Minh Ribler committed 02d03b46241
Fixed HDFFV-10586, HDFFV-10588, and HDFFV-10684
Description:
HDFFV-10586 CVE-2018-17434 Divide by zero in h5repack_filters
Added a check for zero value
HDFFV-10588 CVE-2018-17437 Memory leak in H5O_dtype_decode_helper
This is actually an Invalid read issue. It was found that the
attribute name length in an attribute message was corrupted,
which caused the buffer pointer to be advanced too far and later
caused an invalid read.
Added a check to detect attribute name and its length mismatch. The
fix does not cover all cases, but it'll reduce the chance of this issue
when a name length is corrupted or the attribute name is corrupted.
HDFFV-10684 H5Ewalk does not stop until all errors in the stack are visited
The test for HDFFV-10588 has revealed a bug in H5Ewalk.
H5Ewalk did not stop midway even when the call back function returns
H5_ITER_STOP. This is because a condition is missing from the for
loops in H5E__walk causing the callback functions unable to stop until
all the errors in the stack are iterated. Quincey advised on the final
fix. In this fix, "status" is switched to "ret_value" and HGOTO_ERROR
to HERROR, and the for loops won't continue when "ret_value" is not 0.
Platforms tested:
Linux/64 (jelly)
Linux/64 (platypus)
Darwin (osx1011test)