Atri Bhattacharya
a0635c9ad7
- Fix CVEs:
* CVE-2021-46244 (bsc#1195215)
Compound-datatypes-may-not-have-members-of-size-0.patch
* CVE-2018-13867 (bsc#1101906)
Validate-location-offset-of-the-accumulated-metadata-when-comparing.patch
* CVE-2018-16438 (bsc#1107069)
Make-sure-info-block-for-external-links-has-at-least-3-bytes.patch
* CVE-2020-10812 (bsc#1167400)
Hot-fix-for-CVE-2020-10812.patch
* CVE-2021-45830 (bsc#1194375)
H5O_fsinfo_decode-Make-more-resilient-to-out-of-bounds-read.patch
* CVE-2019-8396 (bsc#1125882)
H5O__pline_decode-Make-more-resilient-to-out-of-bounds-read.patch
* CVE-2018-11205 (bsc#1093663)
Pass-compact-chunk-size-info-to-ensure-requested-elements-are-within-bounds.patch
* CVE-2021-46242 (bsc#1195212)
When-evicting-driver-info-block-NULL-the-corresponding-entry.patch
* CVE-2021-45833 (bsc#1194366)
Report-error-if-dimensions-of-chunked-storage-in-data-layout-2.patch
* CVE-2018-14031 (bsc#1101475)
H5O_dtype_decode_helper-Parent-of-enum-needs-to-have-same-size-as-enum-itself.patch
* CVE-2018-17439 (bsc#1111598)
H5IMget_image_info-H5Sget_simple_extent_dims-does-not-exceed-array-size.patch
- Fix an error message:
Fix-error-message-not-the-name-but-the-link-information-is-parsed.patch
OBS-URL: https://build.opensuse.org/request/show/1030627
OBS-URL: https://build.opensuse.org/package/show/science/hdf5?expand=0&rev=159
34 lines
1.2 KiB
Diff
34 lines
1.2 KiB
Diff
From: Egbert Eich <eich@suse.com>
|
|
Date: Tue Sep 27 10:29:56 2022 +0200
|
|
Subject: H5IMget_image_info: H5Sget_simple_extent_dims() does not exceed array size
|
|
Patch-mainline: Not yet
|
|
Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5
|
|
Git-commit: c1baab0937c8956a15efc41240f68d573c7b7324
|
|
References:
|
|
|
|
Malformed hdf5 files may provide more dimensions than the array dim[] is
|
|
able to hold. Check number of elements first by calling
|
|
H5Sget_simple_extent_dims() with NULL for both 'dims' and 'maxdims' arguments.
|
|
This will cause the function to return only the number of dimensions.
|
|
|
|
This fixes CVE-2018-17439
|
|
|
|
Signed-off-by: Egbert Eich <eich@suse.com>
|
|
Signed-off-by: Egbert Eich <eich@suse.de>
|
|
---
|
|
hl/src/H5IM.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
diff --git a/hl/src/H5IM.c b/hl/src/H5IM.c
|
|
index ff10d573c7..e37c696e25 100644
|
|
--- a/hl/src/H5IM.c
|
|
+++ b/hl/src/H5IM.c
|
|
@@ -283,6 +283,8 @@ H5IMget_image_info(hid_t loc_id, const char *dset_name, hsize_t *width, hsize_t
|
|
if ((sid = H5Dget_space(did)) < 0)
|
|
goto out;
|
|
|
|
+ if (H5Sget_simple_extent_dims(sid, NULL, NULL) > IMAGE24_RANK)
|
|
+ goto out;
|
|
/* Get dimensions */
|
|
if (H5Sget_simple_extent_dims(sid, dims, NULL) < 0)
|
|
goto out;
|