diff --git a/CVE-2017-17506.patch b/CVE-2017-17506.patch new file mode 100644 index 0000000000000000000000000000000000000000..6a824306458bd026a0f2c12e6a565bc97507c508 --- /dev/null +++ b/CVE-2017-17506.patch @@ -0,0 +1,1869 @@ +From b1a6873b1021c967b661727edae9de87d194f744 Mon Sep 17 00:00:00 2001 +From: Dana Robinson +Date: Mon, 26 Feb 2018 18:31:40 -0800 +Subject: [PATCH] CVE-2017-17506 + +--- + src/H5Abtree2.c | 4 +- + src/H5Adense.c | 4 +- + src/H5Gbtree2.c | 4 +- + src/H5Gdense.c | 20 +-- + src/H5HFcache.c | 2 +- + src/H5Oainfo.c | 5 +- + src/H5Oattr.c | 8 +- + src/H5Obogus.c | 5 +- + src/H5Obtreek.c | 5 +- + src/H5Ocache_image.c | 377 +++++++++++++++++++++++++++++++++++++++ + src/H5Ocont.c | 5 +- + src/H5Odrvinfo.c | 5 +- + src/H5Odtype.c | 4 +- + src/H5Oefl.c | 5 +- + src/H5Ofill.c | 10 +- + src/H5Ofsinfo.c | 408 +++++++++++++++++++++++++++++++++++++++++++ + src/H5Oginfo.c | 5 +- + src/H5Olayout.c | 5 +- + src/H5Olinfo.c | 5 +- + src/H5Olink.c | 5 +- + src/H5Omessage.c | 4 +- + src/H5Omtime.c | 10 +- + src/H5Oname.c | 5 +- + src/H5Opkg.h | 4 +- + src/H5Opline.c | 51 +++--- + src/H5Oprivate.h | 2 +- + src/H5Orefcount.c | 5 +- + src/H5Osdspace.c | 5 +- + src/H5Oshared.c | 2 +- + src/H5Oshared.h | 8 +- + src/H5Oshmesg.c | 5 +- + src/H5Ostab.c | 5 +- + src/H5S.c | 2 +- + src/H5SM.c | 16 +- + src/H5T.c | 13 +- + src/H5Tprivate.h | 2 + + 36 files changed, 926 insertions(+), 104 deletions(-) + create mode 100644 src/H5Ocache_image.c + create mode 100644 src/H5Ofsinfo.c + +diff --git a/src/H5Abtree2.c b/src/H5Abtree2.c +index 33a031e6f1..02fffce21c 100644 +--- a/src/H5Abtree2.c ++++ b/src/H5Abtree2.c +@@ -162,7 +162,7 @@ const H5B2_class_t H5A_BT2_CORDER[1]={{ /* B-tree class information */ + *------------------------------------------------------------------------- + */ + static herr_t +-H5A_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) ++H5A__dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) + { + H5A_fh_ud_cmp_t *udata = (H5A_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */ + H5A_t *attr = NULL; /* Pointer to attribute created from heap object */ +@@ -172,7 +172,7 @@ H5A_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda + FUNC_ENTER_NOAPI_NOINIT + + /* Decode attribute information */ +- if(NULL == (attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, (const unsigned char *)obj))) ++ if(NULL == (attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, obj_len, (const unsigned char *)obj))) + HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, FAIL, "can't decode attribute") + + /* Compare the string values */ +diff --git a/src/H5Adense.c b/src/H5Adense.c +index 291f422c62..ab159ff5e8 100644 +--- a/src/H5Adense.c ++++ b/src/H5Adense.c +@@ -843,7 +843,7 @@ done: + *------------------------------------------------------------------------- + */ + static herr_t +-H5A__dense_copy_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) ++H5A__dense_copy_fh_cb(const void *obj, size_t obj_len, void *_udata) + { + H5A_fh_ud_cp_t *udata = (H5A_fh_ud_cp_t *)_udata; /* User data for fractal heap 'op' callback */ + herr_t ret_value = SUCCEED; /* Return value */ +@@ -857,7 +857,7 @@ H5A__dense_copy_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda + * HDF5 routine, it could attempt to re-protect that direct block for the + * heap, causing the HDF5 routine called to fail) + */ +- if(NULL == (udata->attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, (const unsigned char *)obj))) ++ if(NULL == (udata->attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, obj_len, (const unsigned char *)obj))) + HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, FAIL, "can't decode attribute") + + /* Set the creation order index for the attribute */ +diff --git a/src/H5Gbtree2.c b/src/H5Gbtree2.c +index 888c611d77..d520484890 100644 +--- a/src/H5Gbtree2.c ++++ b/src/H5Gbtree2.c +@@ -159,7 +159,7 @@ const H5B2_class_t H5G_BT2_CORDER[1]={{ /* B-tree class information */ + *------------------------------------------------------------------------- + */ + static herr_t +-H5G_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) ++H5G_dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) + { + H5G_fh_ud_cmp_t *udata = (H5G_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */ + H5O_link_t *lnk; /* Pointer to link created from heap object */ +@@ -168,7 +168,7 @@ H5G_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda + FUNC_ENTER_NOAPI_NOINIT + + /* Decode link information */ +- if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) ++ if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) + HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") + + /* Compare the string values */ +diff --git a/src/H5Gdense.c b/src/H5Gdense.c +index 9ec895187d..a43939eb97 100644 +--- a/src/H5Gdense.c ++++ b/src/H5Gdense.c +@@ -597,7 +597,7 @@ done: + *------------------------------------------------------------------------- + */ + static herr_t +-H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) ++H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) + { + H5G_fh_ud_lbi_t *udata = (H5G_fh_ud_lbi_t *)_udata; /* User data for fractal heap 'op' callback */ + H5O_link_t *tmp_lnk = NULL; /* Temporary pointer to link */ +@@ -606,7 +606,7 @@ H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, vo + FUNC_ENTER_NOAPI_NOINIT + + /* Decode link information & keep a copy */ +- if(NULL == (tmp_lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) ++ if(NULL == (tmp_lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) + HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") + + /* Copy link information */ +@@ -887,7 +887,7 @@ done: + *------------------------------------------------------------------------- + */ + static herr_t +-H5G_dense_iterate_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) ++H5G_dense_iterate_fh_cb(const void *obj, size_t obj_len, void *_udata) + { + H5G_fh_ud_it_t *udata = (H5G_fh_ud_it_t *)_udata; /* User data for fractal heap 'op' callback */ + herr_t ret_value = SUCCEED; /* Return value */ +@@ -901,7 +901,7 @@ H5G_dense_iterate_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_u + * HDF5 routine, it could attempt to re-protect that direct block for the + * heap, causing the HDF5 routine called to fail - QAK) + */ +- if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) ++ if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) + HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") + + done: +@@ -1099,7 +1099,7 @@ done: + *------------------------------------------------------------------------- + */ + static herr_t +-H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) ++H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) + { + H5G_fh_ud_gnbi_t *udata = (H5G_fh_ud_gnbi_t *)_udata; /* User data for fractal heap 'op' callback */ + H5O_link_t *lnk; /* Pointer to link created from heap object */ +@@ -1108,7 +1108,7 @@ H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, + FUNC_ENTER_NOAPI_NOINIT + + /* Decode link information */ +- if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) ++ if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) + HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") + + /* Get the length of the name */ +@@ -1306,7 +1306,7 @@ done: + *------------------------------------------------------------------------- + */ + static herr_t +-H5G_dense_remove_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) ++H5G_dense_remove_fh_cb(const void *obj, size_t obj_len, void *_udata) + { + H5G_fh_ud_rm_t *udata = (H5G_fh_ud_rm_t *)_udata; /* User data for fractal heap 'op' callback */ + H5O_link_t *lnk = NULL; /* Pointer to link created from heap object */ +@@ -1316,7 +1316,7 @@ H5G_dense_remove_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_ud + FUNC_ENTER_NOAPI_NOINIT + + /* Decode link information */ +- if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) ++ if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) + HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") + + /* Check for removing the link from the creation order index */ +@@ -1483,7 +1483,7 @@ done: + *------------------------------------------------------------------------- + */ + static herr_t +-H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) ++H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) + { + H5G_fh_ud_rmbi_t *udata = (H5G_fh_ud_rmbi_t *)_udata; /* User data for fractal heap 'op' callback */ + herr_t ret_value = SUCCEED; /* Return value */ +@@ -1491,7 +1491,7 @@ H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, vo + FUNC_ENTER_NOAPI_NOINIT + + /* Decode link information */ +- if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) ++ if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) + HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, H5_ITER_ERROR, "can't decode link") + + /* Can't operate on link here because the fractal heap block is locked */ +diff --git a/src/H5HFcache.c b/src/H5HFcache.c +index f0d251c8de..319a865438 100644 +--- a/src/H5HFcache.c ++++ b/src/H5HFcache.c +@@ -384,7 +384,7 @@ H5HF_cache_hdr_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *_udata) + UINT32DECODE(p, hdr->pline_root_direct_filter_mask); + + /* Decode I/O filter information */ +- if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, p))) ++ if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, len, image))) + HGOTO_ERROR(H5E_HEAP, H5E_CANTDECODE, NULL, "can't decode I/O pipeline filters") + p += hdr->filter_len; + +diff --git a/src/H5Oainfo.c b/src/H5Oainfo.c +index e85df44262..5aab4c6c32 100644 +--- a/src/H5Oainfo.c ++++ b/src/H5Oainfo.c +@@ -34,7 +34,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_ainfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_ainfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_ainfo_copy(const void *_mesg, void *_dest); + static size_t H5O_ainfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -104,7 +104,8 @@ H5FL_DEFINE_STATIC(H5O_ainfo_t); + */ + static void * + H5O_ainfo_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_ainfo_t *ainfo = NULL; /* Attribute info */ + unsigned char flags; /* Flags for encoding attribute info */ +diff --git a/src/H5Oattr.c b/src/H5Oattr.c +index a8d2a311b2..882912155a 100644 +--- a/src/H5Oattr.c ++++ b/src/H5Oattr.c +@@ -26,7 +26,7 @@ + /* PRIVATE PROTOTYPES */ + static herr_t H5O_attr_encode(H5F_t *f, uint8_t *p, const void *mesg); + static void *H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static void *H5O_attr_copy(const void *_mesg, void *_dest); + static size_t H5O_attr_size(const H5F_t *f, const void *_mesg); + static herr_t H5O_attr_free(void *mesg); +@@ -121,7 +121,7 @@ H5FL_EXTERN(H5S_extent_t); + --------------------------------------------------------------------------*/ + static void * + H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, +- unsigned *ioflags, const uint8_t *p) ++ unsigned *ioflags, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5A_t *attr = NULL; + H5S_extent_t *extent; /*extent dimensionality information */ +@@ -187,7 +187,7 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED + + /* Decode the attribute's datatype */ + if(NULL == (attr->shared->dt = (H5T_t *)(H5O_MSG_DTYPE->decode)(f, dxpl_id, open_oh, +- ((flags & H5O_ATTR_FLAG_TYPE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, p))) ++ ((flags & H5O_ATTR_FLAG_TYPE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, attr->shared->dt_size, p))) + HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "can't decode attribute datatype") + if(attr->shared->version < H5O_ATTR_VERSION_2) + p += H5O_ALIGN_OLD(attr->shared->dt_size); +@@ -202,7 +202,7 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED + + /* Decode attribute's dataspace extent */ + if((extent = (H5S_extent_t *)(H5O_MSG_SDSPACE->decode)(f, dxpl_id, open_oh, +- ((flags & H5O_ATTR_FLAG_SPACE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, p)) == NULL) ++ ((flags & H5O_ATTR_FLAG_SPACE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, attr->shared->ds_size, p)) == NULL) + HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "can't decode attribute dataspace") + + /* Copy the extent information to the dataspace */ +diff --git a/src/H5Obogus.c b/src/H5Obogus.c +index 7a058b2452..ba9a8ada34 100644 +--- a/src/H5Obogus.c ++++ b/src/H5Obogus.c +@@ -37,7 +37,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_bogus_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_bogus_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static size_t H5O_bogus_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); + static herr_t H5O_bogus_debug(H5F_t *f, hid_t dxpl_id, const void *_mesg, FILE * stream, +@@ -110,7 +110,8 @@ const H5O_msg_class_t H5O_MSG_BOGUS_INVALID[1] = {{ + */ + static void * + H5O_bogus_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_bogus_t *mesg = NULL; + void *ret_value; /* Return value */ +diff --git a/src/H5Obtreek.c b/src/H5Obtreek.c +index 70aacc7644..6bcdcc3af3 100644 +--- a/src/H5Obtreek.c ++++ b/src/H5Obtreek.c +@@ -27,7 +27,7 @@ + #include "H5MMprivate.h" /* Memory management */ + + static void *H5O_btreek_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_btreek_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_btreek_copy(const void *_mesg, void *_dest); + static size_t H5O_btreek_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -78,7 +78,8 @@ const H5O_msg_class_t H5O_MSG_BTREEK[1] = {{ + */ + static void * + H5O_btreek_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_btreek_t *mesg; /* Native message */ + void *ret_value; /* Return value */ +diff --git a/src/H5Ocache_image.c b/src/H5Ocache_image.c +new file mode 100644 +index 0000000000..d2b65bbb8c +--- /dev/null ++++ b/src/H5Ocache_image.c +@@ -0,0 +1,377 @@ ++/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ++ * Copyright by The HDF Group. * ++ * Copyright by the Board of Trustees of the University of Illinois. * ++ * All rights reserved. * ++ * * ++ * This file is part of HDF5. The full HDF5 copyright notice, including * ++ * terms governing use, modification, and redistribution, is contained in * ++ * the COPYING file, which can be found at the root of the source code * ++ * distribution tree, or in https://support.hdfgroup.org/ftp/HDF5/releases. * ++ * If you do not have access to either file, you may request a copy from * ++ * help@hdfgroup.org. * ++ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ ++ ++/*------------------------------------------------------------------------- ++ * ++ * Created: H5Ocache_image.c ++ * June 21, 2015 ++ * John Mainzer ++ * ++ * Purpose: A message indicating that a metadata cache image block ++ * of the indicated length exists at the specified offset ++ * in the HDF5 file. ++ * ++ * The mdci_msg only appears in the superblock extension. ++ * ++ *------------------------------------------------------------------------- ++ */ ++ ++#include "H5Omodule.h" /* This source code file is part of the H5O module */ ++ ++ ++#include "H5private.h" /* Generic Functions */ ++#include "H5Eprivate.h" /* Error handling */ ++#include "H5Fprivate.h" /* Files */ ++#include "H5FLprivate.h" /* Free Lists */ ++#include "H5Opkg.h" /* Object headers */ ++#include "H5MFprivate.h" /* File space management */ ++ ++/* Callbacks for message class */ ++static void *H5O__mdci_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); ++static herr_t H5O__mdci_encode(H5F_t *f, hbool_t disable_shared, ++ uint8_t *p, const void *_mesg); ++static void *H5O__mdci_copy(const void *_mesg, void *_dest); ++static size_t H5O__mdci_size(const H5F_t *f, hbool_t disable_shared, ++ const void *_mesg); ++static herr_t H5O__mdci_free(void *mesg); ++static herr_t H5O__mdci_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, ++ void *_mesg); ++static herr_t H5O__mdci_debug(H5F_t *f, hid_t dxpl_id, const void *_mesg, ++ FILE *stream, int indent, int fwidth); ++ ++/* This message derives from H5O message class */ ++const H5O_msg_class_t H5O_MSG_MDCI[1] = {{ ++ H5O_MDCI_MSG_ID, /* message id number */ ++ "mdci", /* message name for debugging */ ++ sizeof(H5O_mdci_t), /* native message size */ ++ 0, /* messages are sharable? */ ++ H5O__mdci_decode, /* decode message */ ++ H5O__mdci_encode, /* encode message */ ++ H5O__mdci_copy, /* copy method */ ++ H5O__mdci_size, /* size of mdc image message */ ++ NULL, /* reset method */ ++ H5O__mdci_free, /* free method */ ++ H5O__mdci_delete, /* file delete method */ ++ NULL, /* link method */ ++ NULL, /* set share method */ ++ NULL, /* can share method */ ++ NULL, /* pre copy native value to file */ ++ NULL, /* copy native value to file */ ++ NULL, /* post copy native value to file */ ++ NULL, /* get creation index */ ++ NULL, /* set creation index */ ++ H5O__mdci_debug /* debugging */ ++}}; ++ ++/* Only one version of the metadata cache image message at present */ ++#define H5O_MDCI_VERSION_0 0 ++ ++/* Declare the free list for H5O_mdci_t's */ ++H5FL_DEFINE(H5O_mdci_t); ++ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O__mdci_decode ++ * ++ * Purpose: Decode a metadata cache image message and return a ++ * pointer to a newly allocated H5O_mdci_t struct. ++ * ++ * Return: Success: Ptr to new message in native struct. ++ * Failure: NULL ++ * ++ * Programmer: John Mainzer ++ * 6/22/15 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static void * ++H5O__mdci_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, ++ H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, ++ unsigned H5_ATTR_UNUSED *ioflags, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) ++{ ++ H5O_mdci_t *mesg; /* Native message */ ++ void *ret_value = NULL; /* Return value */ ++ ++ FUNC_ENTER_STATIC ++ ++ /* Sanity check */ ++ HDassert(f); ++ HDassert(p); ++ ++ /* Version of message */ ++ if(*p++ != H5O_MDCI_VERSION_0) ++ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "bad version number for message") ++ ++ /* Allocate space for message */ ++ if(NULL == (mesg = (H5O_mdci_t *)H5FL_MALLOC(H5O_mdci_t))) ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed for metadata cache image message") ++ ++ /* Decode */ ++ H5F_addr_decode(f, &p, &(mesg->addr)); ++ H5F_DECODE_LENGTH(f, p, mesg->size); ++ ++ /* Set return value */ ++ ret_value = (void *)mesg; ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5O__mdci_decode() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O__mdci_encode ++ * ++ * Purpose: Encode metadata cache image message ++ * ++ * Return: Non-negative on success/Negative on failure ++ * ++ * Programmer: John Mainzer ++ * 6/22/15 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5O__mdci_encode(H5F_t *f, hbool_t H5_ATTR_UNUSED disable_shared, ++ uint8_t *p, const void *_mesg) ++{ ++ const H5O_mdci_t *mesg = (const H5O_mdci_t *)_mesg; ++ ++ FUNC_ENTER_STATIC_NOERR ++ ++ /* Sanity check */ ++ HDassert(f); ++ HDassert(p); ++ HDassert(mesg); ++ ++ /* encode */ ++ *p++ = H5O_MDCI_VERSION_0; ++ H5F_addr_encode(f, &p, mesg->addr); ++ H5F_ENCODE_LENGTH(f, p, mesg->size); ++ ++ FUNC_LEAVE_NOAPI(SUCCEED) ++} /* end H5O__mdci_encode() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O__mdci_copy ++ * ++ * Purpose: Copies a message from _MESG to _DEST, allocating _DEST if ++ * necessary. ++ * ++ * Return: Success: Ptr to _DEST ++ * Failure: NULL ++ * ++ * Programmer: John Mainzer ++ * 6/22/15 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static void * ++H5O__mdci_copy(const void *_mesg, void *_dest) ++{ ++ const H5O_mdci_t *mesg = (const H5O_mdci_t *)_mesg; ++ H5O_mdci_t *dest = (H5O_mdci_t *) _dest; ++ void *ret_value = NULL; /* Return value */ ++ ++ FUNC_ENTER_STATIC ++ ++ /* check args */ ++ HDassert(mesg); ++ if(!dest && NULL == (dest = H5FL_MALLOC(H5O_mdci_t))) ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") ++ ++ /* copy */ ++ *dest = *mesg; ++ ++ /* Set return value */ ++ ret_value = dest; ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5O_mdci__copy() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O__mdci_size ++ * ++ * Purpose: Returns the size of the raw message in bytes not counting ++ * the message type or size fields, but only the data fields. ++ * This function doesn't take into account alignment. ++ * ++ * Return: Success: Message data size in bytes without alignment. ++ * ++ * Failure: zero ++ * ++ * Programmer: John Mainzer ++ * 6/22/15 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static size_t ++H5O__mdci_size(const H5F_t *f, hbool_t H5_ATTR_UNUSED disable_shared, ++ const void H5_ATTR_UNUSED *_mesg) ++{ ++ size_t ret_value = 0; /* Return value */ ++ ++ FUNC_ENTER_STATIC_NOERR ++ ++ /* Set return value */ ++ ret_value = (size_t)( 1 + /* Version number */ ++ H5F_SIZEOF_ADDR(f) + /* addr of metadata cache */ ++ /* image block */ ++ H5F_SIZEOF_SIZE(f) ); /* length of metadata cache */ ++ /* image block */ ++ ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5O__mdci_size() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O__mdci_free ++ * ++ * Purpose: Free the message ++ * ++ * Return: Non-negative on success/Negative on failure ++ * ++ * Programmer: John Mainzer ++ * 6/22/15 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5O__mdci_free(void *mesg) ++{ ++ FUNC_ENTER_STATIC_NOERR ++ ++ HDassert(mesg); ++ ++ mesg = H5FL_FREE(H5O_mdci_t, mesg); ++ ++ FUNC_LEAVE_NOAPI(SUCCEED) ++} /* end H5O__mdci_free() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O__mdci_delete ++ * ++ * Purpose: Free file space referenced by message ++ * ++ * Return: Non-negative on success/Negative on failure ++ * ++ * Programmer: Quincey Koziol ++ * Wednesday, March 19, 2003 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5O__mdci_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, void *_mesg) ++{ ++ H5O_mdci_t *mesg = (H5O_mdci_t *)_mesg; ++ herr_t ret_value = SUCCEED; /* Return value */ ++ ++ FUNC_ENTER_STATIC ++ ++ /* check args */ ++ HDassert(f); ++ HDassert(open_oh); ++ HDassert(mesg); ++ ++ /* Free file space for cache image */ ++ if(H5F_addr_defined(mesg->addr)) { ++ /* The space for the cache image block was allocated directly ++ * from the VFD layer at the end of file. As this was the ++ * last file space allocation before shutdown, the cache image ++ * should still be the last item in the file. ++ * ++ * If the hack to work around the self referential free space ++ * manager issue is in use, file space for the non-empty self ++ * referential free space managers was also allocated from VFD ++ * layer at the end of file. Since these allocations directly ++ * preceeded the cache image allocation they should be directly ++ * adjacent to the cache image block at the end of file. ++ * ++ * In this case, just call H5MF_tidy_self_referential_fsm_hack(). ++ * ++ * That routine will float the self referential free space ++ * managers, and reduce the eoa to its value just prior to ++ * allocation of space for same. Since the cache image appears ++ * just after the self referential free space managers, this ++ * will release the file space for the cache image as well. ++ * ++ * Note that in this case, there must not have been any file ++ * space allocations / deallocations prior to the free of the ++ * cache image. Verify this to the extent possible. ++ * ++ * If the hack to work around the persistant self referential ++ * free space manager issue is NOT in use, just call H5MF_xfree() ++ * to release the cache iamge. In principle, we should be able ++ * to just reduce the EOA to the base address of the cache ++ * image block, as there shouldn't be any file space allocation ++ * before the first metadata cache access. However, given ++ * time constraints, I don't want to go there now. ++ */ ++ if(H5F_FIRST_ALLOC_DEALLOC(f)) { ++ HDassert(HADDR_UNDEF != H5F_EOA_PRE_FSM_FSALLOC(f)); ++ HDassert(H5F_addr_ge(mesg->addr, H5F_EOA_PRE_FSM_FSALLOC(f))); ++ if(H5MF_tidy_self_referential_fsm_hack(f, dxpl_id) < 0) ++ HGOTO_ERROR(H5E_OHDR, H5E_CANTFREE, FAIL, "tidy of self referential fsm hack failed") ++ } /* end if */ ++ else { ++ if(H5MF_xfree(f, H5FD_MEM_SUPER, dxpl_id, mesg->addr, mesg->size) < 0) ++ HGOTO_ERROR(H5E_OHDR, H5E_CANTFREE, FAIL, "unable to free file space for cache image block") ++ } /* end else */ ++ } /* end if */ ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5O__mdci_delete() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O__mdci_debug ++ * ++ * Purpose: Prints debugging info. ++ * ++ * Return: Non-negative on success/Negative on failure ++ * ++ * Programmer: John Mainzer ++ * 6/22/15 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5O__mdci_debug(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, ++ const void *_mesg, FILE * stream, int indent, int fwidth) ++{ ++ const H5O_mdci_t *mdci = (const H5O_mdci_t *) _mesg; ++ ++ FUNC_ENTER_STATIC_NOERR ++ ++ /* check args */ ++ HDassert(f); ++ HDassert(mdci); ++ HDassert(stream); ++ HDassert(indent >= 0); ++ HDassert(fwidth >= 0); ++ ++ HDfprintf(stream, "%*s%-*s %a\n", indent, "", fwidth, ++ "Metadata Cache Image Block address:", mdci->addr); ++ ++ HDfprintf(stream, "%*s%-*s %Hu\n", indent, "", fwidth, ++ "Metadata Cache Image Block size in bytes:", mdci->size); ++ ++ FUNC_LEAVE_NOAPI(SUCCEED) ++} /* end H5O__mdci_debug() */ ++ +diff --git a/src/H5Ocont.c b/src/H5Ocont.c +index 681f54a748..b91b1814ef 100644 +--- a/src/H5Ocont.c ++++ b/src/H5Ocont.c +@@ -36,7 +36,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_cont_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_cont_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static size_t H5O_cont_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); + static herr_t H5O_cont_free(void *mesg); +@@ -89,7 +89,8 @@ H5FL_DEFINE(H5O_cont_t); + */ + static void * + H5O_cont_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_cont_t *cont = NULL; + void *ret_value; +diff --git a/src/H5Odrvinfo.c b/src/H5Odrvinfo.c +index 6f715f8bd2..fd8ad6b7ef 100644 +--- a/src/H5Odrvinfo.c ++++ b/src/H5Odrvinfo.c +@@ -27,7 +27,7 @@ + #include "H5MMprivate.h" /* Memory management */ + + static void *H5O_drvinfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_drvinfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_drvinfo_copy(const void *_mesg, void *_dest); + static size_t H5O_drvinfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -79,7 +79,8 @@ const H5O_msg_class_t H5O_MSG_DRVINFO[1] = {{ + */ + static void * + H5O_drvinfo_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_drvinfo_t *mesg; /* Native message */ + void *ret_value; /* Return value */ +diff --git a/src/H5Odtype.c b/src/H5Odtype.c +index 774b07103b..85fbef4020 100644 +--- a/src/H5Odtype.c ++++ b/src/H5Odtype.c +@@ -29,7 +29,7 @@ + /* PRIVATE PROTOTYPES */ + static herr_t H5O_dtype_encode(H5F_t *f, uint8_t *p, const void *mesg); + static void *H5O_dtype_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static void *H5O_dtype_copy(const void *_mesg, void *_dest); + static size_t H5O_dtype_size(const H5F_t *f, const void *_mesg); + static herr_t H5O_dtype_reset(void *_mesg); +@@ -1093,7 +1093,7 @@ done: + --------------------------------------------------------------------------*/ + static void * + H5O_dtype_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, +- unsigned *ioflags/*in,out*/, const uint8_t *p) ++ unsigned *ioflags/*in,out*/, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5T_t *dt = NULL; + void *ret_value; /* Return value */ +diff --git a/src/H5Oefl.c b/src/H5Oefl.c +index 218d2503a5..546eb4fc57 100644 +--- a/src/H5Oefl.c ++++ b/src/H5Oefl.c +@@ -28,7 +28,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_efl_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_efl_copy(const void *_mesg, void *_dest); + static size_t H5O_efl_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -88,7 +88,8 @@ const H5O_msg_class_t H5O_MSG_EFL[1] = {{ + */ + static void * + H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_efl_t *mesg = NULL; + int version; +diff --git a/src/H5Ofill.c b/src/H5Ofill.c +index 721c648b3d..70704c5913 100644 +--- a/src/H5Ofill.c ++++ b/src/H5Ofill.c +@@ -32,11 +32,11 @@ + + + static void *H5O_fill_old_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_fill_old_encode(H5F_t *f, uint8_t *p, const void *_mesg); + static size_t H5O_fill_old_size(const H5F_t *f, const void *_mesg); + static void *H5O_fill_new_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_fill_new_encode(H5F_t *f, uint8_t *p, const void *_mesg); + static size_t H5O_fill_new_size(const H5F_t *f, const void *_mesg); + static void *H5O_fill_copy(const void *_mesg, void *_dest); +@@ -183,7 +183,8 @@ H5FL_BLK_EXTERN(type_conv); + */ + static void * + H5O_fill_new_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_fill_t *fill = NULL; + void *ret_value; +@@ -297,7 +298,8 @@ done: + */ + static void * + H5O_fill_old_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_fill_t *fill = NULL; /* Decoded fill value message */ + void *ret_value; /* Return value */ +diff --git a/src/H5Ofsinfo.c b/src/H5Ofsinfo.c +new file mode 100644 +index 0000000000..8369ae14ff +--- /dev/null ++++ b/src/H5Ofsinfo.c +@@ -0,0 +1,408 @@ ++/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ++ * Copyright by The HDF Group. * ++ * Copyright by the Board of Trustees of the University of Illinois. * ++ * All rights reserved. * ++ * * ++ * This file is part of HDF5. The full HDF5 copyright notice, including * ++ * terms governing use, modification, and redistribution, is contained in * ++ * the COPYING file, which can be found at the root of the source code * ++ * distribution tree, or in https://support.hdfgroup.org/ftp/HDF5/releases. * ++ * If you do not have access to either file, you may request a copy from * ++ * help@hdfgroup.org. * ++ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ ++ ++/*------------------------------------------------------------------------- ++ * ++ * Created: H5Ofsinfo.c ++ * Feb 2009 ++ * Vailin Choi ++ * ++ * Purpose: File space info message. ++ * ++ *------------------------------------------------------------------------- ++ */ ++#define H5F_FRIEND /*suppress error about including H5Fpkg */ ++#include "H5Omodule.h" /* This source code file is part of the H5O module */ ++ ++ ++#include "H5private.h" /* Generic Functions */ ++#include "H5Eprivate.h" /* Error handling */ ++#include "H5Fpkg.h" /* File access */ ++#include "H5FLprivate.h" /* Free lists */ ++#include "H5Opkg.h" /* Object headers */ ++ ++/* PRIVATE PROTOTYPES */ ++static void *H5O_fsinfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, ++ unsigned *ioflags, size_t p_size, const uint8_t *p); ++static herr_t H5O_fsinfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); ++static void *H5O_fsinfo_copy(const void *_mesg, void *_dest); ++static size_t H5O_fsinfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); ++static herr_t H5O_fsinfo_free(void *mesg); ++static herr_t H5O_fsinfo_debug(H5F_t *f, hid_t dxpl_id, const void *_mesg, ++ FILE * stream, int indent, int fwidth); ++ ++/* This message derives from H5O message class */ ++const H5O_msg_class_t H5O_MSG_FSINFO[1] = {{ ++ H5O_FSINFO_ID, /* message id number */ ++ "fsinfo", /* message name for debugging */ ++ sizeof(H5O_fsinfo_t), /* native message size */ ++ 0, /* messages are sharable? */ ++ H5O_fsinfo_decode, /* decode message */ ++ H5O_fsinfo_encode, /* encode message */ ++ H5O_fsinfo_copy, /* copy the native value */ ++ H5O_fsinfo_size, /* size of free-space manager info message */ ++ NULL, /* default reset method */ ++ H5O_fsinfo_free, /* free method */ ++ NULL, /* file delete method */ ++ NULL, /* link method */ ++ NULL, /* set share method */ ++ NULL, /* can share method */ ++ NULL, /* pre copy native value to file */ ++ NULL, /* copy native value to file */ ++ NULL, /* post copy native value to file */ ++ NULL, /* get creation index */ ++ NULL, /* set creation index */ ++ H5O_fsinfo_debug /* debug the message */ ++}}; ++ ++/* Current version of free-space manager info information */ ++#define H5O_FSINFO_VERSION_0 0 ++#define H5O_FSINFO_VERSION_1 1 ++ ++/* Declare a free list to manage the H5O_fsinfo_t struct */ ++H5FL_DEFINE_STATIC(H5O_fsinfo_t); ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O_fsinfo_decode ++ * ++ * Purpose: Decode a message and return a pointer to a newly allocated one. ++ * ++ * Return: Success: Ptr to new message in native form. ++ * Failure: NULL ++ * ++ * Programmer: Vailin Choi; Feb 2009 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static void * ++H5O_fsinfo_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) ++{ ++ H5O_fsinfo_t *fsinfo = NULL; /* File space info message */ ++ H5F_mem_page_t ptype; /* Memory type for iteration */ ++ unsigned vers; /* message version */ ++ void *ret_value = NULL; /* Return value */ ++ ++ FUNC_ENTER_NOAPI_NOINIT ++ ++ /* check args */ ++ HDassert(f); ++ HDassert(p); ++ ++ /* Allocate space for message */ ++ if(NULL == (fsinfo = H5FL_CALLOC(H5O_fsinfo_t))) ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") ++ ++ for(ptype = H5F_MEM_PAGE_SUPER; ptype < H5F_MEM_PAGE_NTYPES; H5_INC_ENUM(H5F_mem_page_t, ptype)) ++ fsinfo->fs_addr[ptype - 1] = HADDR_UNDEF; ++ ++ /* Version of message */ ++ vers = *p++; ++ ++ if(vers == H5O_FSINFO_VERSION_0) { ++ H5F_file_space_type_t strategy; /* Strategy */ ++ hsize_t threshold; /* Threshold */ ++ H5FD_mem_t type; /* Memory type for iteration */ ++ ++ fsinfo->persist = H5F_FREE_SPACE_PERSIST_DEF; ++ fsinfo->threshold = H5F_FREE_SPACE_THRESHOLD_DEF; ++ fsinfo->page_size = H5F_FILE_SPACE_PAGE_SIZE_DEF; ++ fsinfo->pgend_meta_thres = H5F_FILE_SPACE_PGEND_META_THRES; ++ fsinfo->eoa_pre_fsm_fsalloc = HADDR_UNDEF; ++ ++ strategy = (H5F_file_space_type_t)*p++; /* File space strategy */ ++ H5F_DECODE_LENGTH(f, p, threshold); /* Free-space section threshold */ ++ ++ /* Map version 0 (deprecated) to version 1 message */ ++ switch(strategy) { ++ ++ case H5F_FILE_SPACE_ALL_PERSIST: ++ fsinfo->strategy = H5F_FSPACE_STRATEGY_FSM_AGGR; ++ fsinfo->persist = TRUE; ++ fsinfo->threshold = threshold; ++ if(HADDR_UNDEF == (fsinfo->eoa_pre_fsm_fsalloc = H5F_get_eoa(f, H5FD_MEM_DEFAULT)) ) ++ HGOTO_ERROR(H5E_FILE, H5E_CANTGET, NULL, "unable to get file size") ++ for(type = H5FD_MEM_SUPER; type < H5FD_MEM_NTYPES; H5_INC_ENUM(H5FD_mem_t, type)) ++ H5F_addr_decode(f, &p, &(fsinfo->fs_addr[type-1])); ++ break; ++ ++ case H5F_FILE_SPACE_ALL: ++ fsinfo->strategy = H5F_FSPACE_STRATEGY_FSM_AGGR; ++ fsinfo->threshold = threshold; ++ break; ++ ++ case H5F_FILE_SPACE_AGGR_VFD: ++ fsinfo->strategy = H5F_FSPACE_STRATEGY_AGGR; ++ break; ++ ++ case H5F_FILE_SPACE_VFD: ++ fsinfo->strategy = H5F_FSPACE_STRATEGY_NONE; ++ break; ++ ++ case H5F_FILE_SPACE_NTYPES: ++ case H5F_FILE_SPACE_DEFAULT: ++ default: ++ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, NULL, "invalid file space strategy") ++ } /* end switch */ ++ ++ fsinfo->mapped = TRUE; ++ ++ } else { ++ HDassert(vers == H5O_FSINFO_VERSION_1); ++ ++ fsinfo->strategy = (H5F_fspace_strategy_t)*p++; /* File space strategy */ ++ fsinfo->persist = *p++; /* Free-space persist or not */ ++ H5F_DECODE_LENGTH(f, p, fsinfo->threshold); /* Free-space section threshold */ ++ ++ H5F_DECODE_LENGTH(f, p, fsinfo->page_size); /* File space page size */ ++ UINT16DECODE(p, fsinfo->pgend_meta_thres); /* Page end metdata threshold */ ++ H5F_addr_decode(f, &p, &(fsinfo->eoa_pre_fsm_fsalloc)); /* EOA before free-space header and section info */ ++ ++ /* Decode addresses of free space managers, if persisting */ ++ if(fsinfo->persist) { ++ for(ptype = H5F_MEM_PAGE_SUPER; ptype < H5F_MEM_PAGE_NTYPES; H5_INC_ENUM(H5F_mem_page_t, ptype)) ++ H5F_addr_decode(f, &p, &(fsinfo->fs_addr[ptype - 1])); ++ } /* end if */ ++ ++ fsinfo->mapped = FALSE; ++ } ++ ++ /* Set return value */ ++ ret_value = fsinfo; ++ ++done: ++ if(ret_value == NULL && fsinfo != NULL) ++ fsinfo = H5FL_FREE(H5O_fsinfo_t, fsinfo); ++ ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5O_fsinfo_decode() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O_fsinfo_encode ++ * ++ * Purpose: Encodes a message. ++ * ++ * Return: Non-negative on success/Negative on failure ++ * ++ * Programmer: Vailin Choi; Feb 2009 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5O_fsinfo_encode(H5F_t *f, hbool_t H5_ATTR_UNUSED disable_shared, uint8_t *p, const void *_mesg) ++{ ++ const H5O_fsinfo_t *fsinfo = (const H5O_fsinfo_t *)_mesg; ++ H5F_mem_page_t ptype; /* Memory type for iteration */ ++ ++ FUNC_ENTER_NOAPI_NOINIT_NOERR ++ ++ /* check args */ ++ HDassert(f); ++ HDassert(p); ++ HDassert(fsinfo); ++ ++ *p++ = H5O_FSINFO_VERSION_1; /* message version */ ++ *p++ = fsinfo->strategy; /* File space strategy */ ++ *p++ = (unsigned char)fsinfo->persist; /* Free-space persist or not */ ++ H5F_ENCODE_LENGTH(f, p, fsinfo->threshold); /* Free-space section size threshold */ ++ ++ H5F_ENCODE_LENGTH(f, p, fsinfo->page_size); /* File space page size */ ++ UINT16ENCODE(p, fsinfo->pgend_meta_thres); /* Page end metadata threshold */ ++ H5F_addr_encode(f, &p, fsinfo->eoa_pre_fsm_fsalloc); /* EOA before free-space header and section info */ ++ ++ /* Store addresses of free-space managers, if persisting */ ++ if(fsinfo->persist) { ++ /* Addresses of free-space managers */ ++ for(ptype = H5F_MEM_PAGE_SUPER; ptype < H5F_MEM_PAGE_NTYPES; H5_INC_ENUM(H5F_mem_page_t, ptype)) ++ H5F_addr_encode(f, &p, fsinfo->fs_addr[ptype - 1]); ++ } /* end if */ ++ ++ FUNC_LEAVE_NOAPI(SUCCEED) ++} /* end H5O_fsinfo_encode() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O_fsinfo_copy ++ * ++ * Purpose: Copies a message from _MESG to _DEST, allocating _DEST if ++ * necessary. ++ * ++ * Return: Success: Ptr to _DEST ++ * Failure: NULL ++ * ++ * Programmer: Vailin Choi; Feb 2009 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static void * ++H5O_fsinfo_copy(const void *_mesg, void *_dest) ++{ ++ const H5O_fsinfo_t *fsinfo = (const H5O_fsinfo_t *)_mesg; ++ H5O_fsinfo_t *dest = (H5O_fsinfo_t *) _dest; ++ void *ret_value = NULL; /* Return value */ ++ ++ FUNC_ENTER_NOAPI_NOINIT ++ ++ /* check args */ ++ HDassert(fsinfo); ++ if(!dest && NULL == (dest = H5FL_CALLOC(H5O_fsinfo_t))) ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") ++ ++ /* copy */ ++ *dest = *fsinfo; ++ ++ /* Set return value */ ++ ret_value = dest; ++ ++done: ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5O_fsinfo_copy() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O_fsinfo_size ++ * ++ * Purpose: Returns the size of the raw message in bytes not counting ++ * the message type or size fields, but only the data fields. ++ * This function doesn't take into account alignment. ++ * ++ * Return: Success: Message data size in bytes without alignment. ++ * Failure: zero ++ * ++ * Programmer: Vailin Choi; Feb 2009 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static size_t ++H5O_fsinfo_size(const H5F_t *f, hbool_t H5_ATTR_UNUSED disable_shared, const void *_mesg) ++{ ++ const H5O_fsinfo_t *fsinfo = (const H5O_fsinfo_t *)_mesg; ++ size_t ret_value = 0; /* Return value */ ++ ++ FUNC_ENTER_NOAPI_NOINIT_NOERR ++ ++ ret_value = 3 /* Version, strategy & persist */ ++ + (size_t)H5F_SIZEOF_SIZE(f) /* Free-space section threshold */ ++ + (size_t)H5F_SIZEOF_SIZE(f) /* File space page size */ ++ + 2 /* Page end meta threshold */ ++ + (size_t)H5F_SIZEOF_ADDR(f); ++ ++ /* Free-space manager addresses */ ++ if(fsinfo->persist) ++ ret_value += (H5F_MEM_PAGE_NTYPES - 1) * (size_t)H5F_SIZEOF_ADDR(f); ++ ++ FUNC_LEAVE_NOAPI(ret_value) ++} /* end H5O_fsinfo_size() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O_fsinfo_free ++ * ++ * Purpose: Free's the message ++ * ++ * Return: Non-negative on success/Negative on failure ++ * ++ * Programmer: Vailin Choi; Feb 2009 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5O_fsinfo_free(void *mesg) ++{ ++ FUNC_ENTER_NOAPI_NOINIT_NOERR ++ ++ HDassert(mesg); ++ ++ mesg = H5FL_FREE(H5O_fsinfo_t, mesg); ++ ++ FUNC_LEAVE_NOAPI(SUCCEED) ++} /* end H5O_fsinfo_free() */ ++ ++ ++/*------------------------------------------------------------------------- ++ * Function: H5O_fsinfo_debug ++ * ++ * Purpose: Prints debugging info for a message. ++ * ++ * Return: Non-negative on success/Negative on failure ++ * ++ * Programmer: Vailin Choi; Feb 2009 ++ * ++ *------------------------------------------------------------------------- ++ */ ++static herr_t ++H5O_fsinfo_debug(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, const void *_mesg, FILE * stream, ++ int indent, int fwidth) ++{ ++ const H5O_fsinfo_t *fsinfo = (const H5O_fsinfo_t *) _mesg; ++ H5F_mem_page_t ptype; /* Free-space types for iteration */ ++ ++ FUNC_ENTER_NOAPI_NOINIT_NOERR ++ ++ /* check args */ ++ HDassert(f); ++ HDassert(fsinfo); ++ HDassert(stream); ++ HDassert(indent >= 0); ++ HDassert(fwidth >= 0); ++ ++ HDfprintf(stream, "%*s%-*s ", indent, "", fwidth, "File space strategy:"); ++ switch(fsinfo->strategy) { ++ case H5F_FSPACE_STRATEGY_FSM_AGGR: ++ HDfprintf(stream, "%s\n", "H5F_FSPACE_STRATEGY_FSM_AGGR"); ++ break; ++ ++ case H5F_FSPACE_STRATEGY_PAGE: ++ HDfprintf(stream, "%s\n", "H5F_FSPACE_STRATEGY_PAGE"); ++ break; ++ ++ case H5F_FSPACE_STRATEGY_AGGR: ++ HDfprintf(stream, "%s\n", "H5F_FSPACE_STRATEGY_AGGR"); ++ break; ++ ++ case H5F_FSPACE_STRATEGY_NONE: ++ HDfprintf(stream, "%s\n", "H5F_FSPACE_STRATEGY_NONE"); ++ break; ++ ++ case H5F_FSPACE_STRATEGY_NTYPES: ++ default: ++ HDfprintf(stream, "%s\n", "unknown"); ++ } /* end switch */ ++ ++ HDfprintf(stream, "%*s%-*s %t\n", indent, "", fwidth, ++ "Free-space persist:", fsinfo->persist); ++ ++ HDfprintf(stream, "%*s%-*s %Hu\n", indent, "", fwidth, ++ "Free-space section threshold:", fsinfo->threshold); ++ ++ HDfprintf(stream, "%*s%-*s %Hu\n", indent, "", fwidth, ++ "File space page size:", fsinfo->page_size); ++ ++ HDfprintf(stream, "%*s%-*s %u\n", indent, "", fwidth, ++ "Page end metadata threshold:", fsinfo->pgend_meta_thres); ++ ++ HDfprintf(stream, "%*s%-*s %a\n", indent, "", fwidth, ++ "eoa_pre_fsm_fsalloc:", fsinfo->eoa_pre_fsm_fsalloc); ++ ++ if(fsinfo->persist) { ++ for(ptype = H5F_MEM_PAGE_SUPER; ptype < H5F_MEM_PAGE_NTYPES; H5_INC_ENUM(H5F_mem_page_t, ptype)) ++ HDfprintf(stream, "%*s%-*s %a\n", indent, "", fwidth, ++ "Free space manager address:", fsinfo->fs_addr[ptype-1]); ++ } /* end if */ ++ ++ FUNC_LEAVE_NOAPI(SUCCEED) ++} /* end H5O_fsinfo_debug() */ ++ +diff --git a/src/H5Oginfo.c b/src/H5Oginfo.c +index d8be51fa04..8ba1f71d9f 100644 +--- a/src/H5Oginfo.c ++++ b/src/H5Oginfo.c +@@ -32,7 +32,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_ginfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_ginfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_ginfo_copy(const void *_mesg, void *_dest); + static size_t H5O_ginfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -94,7 +94,8 @@ H5FL_DEFINE_STATIC(H5O_ginfo_t); + */ + static void * + H5O_ginfo_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_ginfo_t *ginfo = NULL; /* Pointer to group information message */ + unsigned char flags; /* Flags for encoding group info */ +diff --git a/src/H5Olayout.c b/src/H5Olayout.c +index 3bbee129e0..5c5ad42730 100644 +--- a/src/H5Olayout.c ++++ b/src/H5Olayout.c +@@ -35,7 +35,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_layout_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_layout_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_layout_copy(const void *_mesg, void *_dest); + static size_t H5O_layout_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -95,7 +95,8 @@ H5FL_DEFINE(H5O_layout_t); + */ + static void * + H5O_layout_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_layout_t *mesg = NULL; + unsigned u; +diff --git a/src/H5Olinfo.c b/src/H5Olinfo.c +index 03e545f260..a612ae5e2b 100644 +--- a/src/H5Olinfo.c ++++ b/src/H5Olinfo.c +@@ -36,7 +36,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_linfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_linfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_linfo_copy(const void *_mesg, void *_dest); + static size_t H5O_linfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -113,7 +113,8 @@ H5FL_DEFINE_STATIC(H5O_linfo_t); + */ + static void * + H5O_linfo_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_linfo_t *linfo = NULL; /* Link info */ + unsigned char index_flags; /* Flags for encoding link index info */ +diff --git a/src/H5Olink.c b/src/H5Olink.c +index 1b57f22529..c0dd1d8c4b 100644 +--- a/src/H5Olink.c ++++ b/src/H5Olink.c +@@ -38,7 +38,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_link_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_link_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_link_copy(const void *_mesg, void *_dest); + static size_t H5O_link_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -117,7 +117,8 @@ H5FL_DEFINE_STATIC(H5O_link_t); + */ + static void * + H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_link_t *lnk = NULL; /* Pointer to link message */ + size_t len = 0; /* Length of a string in the message */ +diff --git a/src/H5Omessage.c b/src/H5Omessage.c +index bbcf5a6ea7..98517a34ed 100644 +--- a/src/H5Omessage.c ++++ b/src/H5Omessage.c +@@ -1821,7 +1821,7 @@ done: + */ + void * + H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned type_id, +- const unsigned char *buf) ++ size_t buf_size, const unsigned char *buf) + { + const H5O_msg_class_t *type; /* Actual H5O class type for the ID */ + void *ret_value; /* Return value */ +@@ -1836,7 +1836,7 @@ H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned type_id, + HDassert(type); + + /* decode */ +- if((ret_value = (type->decode)(f, dxpl_id, open_oh, 0, &ioflags, buf)) == NULL) ++ if((ret_value = (type->decode)(f, dxpl_id, open_oh, 0, &ioflags, buf_size, buf)) == NULL) + HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode message") + + done: +diff --git a/src/H5Omtime.c b/src/H5Omtime.c +index 46dd499250..e4db09bad3 100644 +--- a/src/H5Omtime.c ++++ b/src/H5Omtime.c +@@ -27,12 +27,12 @@ + + + static void *H5O_mtime_new_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_mtime_new_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static size_t H5O_mtime_new_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); + + static void *H5O_mtime_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_mtime_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_mtime_copy(const void *_mesg, void *_dest); + static size_t H5O_mtime_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -118,7 +118,8 @@ H5FL_DEFINE(time_t); + */ + static void * + H5O_mtime_new_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + time_t *mesg; + uint32_t tmp_time; /* Temporary copy of the time */ +@@ -171,7 +172,8 @@ done: + */ + static void * + H5O_mtime_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + time_t *mesg, the_time; + int i; +diff --git a/src/H5Oname.c b/src/H5Oname.c +index 007e20f9a6..5248168c30 100644 +--- a/src/H5Oname.c ++++ b/src/H5Oname.c +@@ -32,7 +32,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_name_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_name_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_name_copy(const void *_mesg, void *_dest); + static size_t H5O_name_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -83,7 +83,8 @@ const H5O_msg_class_t H5O_MSG_NAME[1] = {{ + */ + static void * + H5O_name_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_name_t *mesg; + void *ret_value; /* Return value */ +diff --git a/src/H5Opkg.h b/src/H5Opkg.h +index cd585beefd..f4b80147b8 100644 +--- a/src/H5Opkg.h ++++ b/src/H5Opkg.h +@@ -186,7 +186,7 @@ + \ + /* Decode the message */ \ + HDassert(msg_type->decode); \ +- if(NULL == ((MSG)->native = (msg_type->decode)((F), (DXPL), (OH), (MSG)->flags, &ioflags, (MSG)->raw))) \ ++ if(NULL == ((MSG)->native = (msg_type->decode)((F), (DXPL), (OH), (MSG)->flags, &ioflags, (MSG)->raw_size, (MSG)->raw))) \ + HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, ERR, "unable to decode message") \ + \ + /* Mark the message dirty if it was changed by decoding */ \ +@@ -222,7 +222,7 @@ struct H5O_msg_class_t { + const char *name; /*for debugging */ + size_t native_size; /*size of native message */ + unsigned share_flags; /* Message sharing settings */ +- void *(*decode)(H5F_t *, hid_t, H5O_t *, unsigned, unsigned *, const uint8_t *); ++ void *(*decode)(H5F_t *, hid_t, H5O_t *, unsigned, unsigned *, size_t, const uint8_t *); + herr_t (*encode)(H5F_t *, hbool_t, uint8_t *, const void *); + void *(*copy)(const void *, void *); /*copy native value */ + size_t (*raw_size)(const H5F_t *, hbool_t, const void *);/*sizeof encoded message */ +diff --git a/src/H5Opline.c b/src/H5Opline.c +index 42fb72c9cb..0cd791213c 100644 +--- a/src/H5Opline.c ++++ b/src/H5Opline.c +@@ -33,7 +33,7 @@ + /* PRIVATE PROTOTYPES */ + static herr_t H5O_pline_encode(H5F_t *f, uint8_t *p, const void *mesg); + static void *H5O_pline_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static void *H5O_pline_copy(const void *_mesg, void *_dest); + static size_t H5O_pline_size(const H5F_t *f, const void *_mesg); + static herr_t H5O_pline_reset(void *_mesg); +@@ -108,13 +108,15 @@ H5FL_DEFINE(H5O_pline_t); + */ + static void * + H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t p_size, const uint8_t *p) + { + H5O_pline_t *pline = NULL; /* Pipeline message */ + H5Z_filter_info_t *filter; /* Filter to decode */ + size_t name_length; /* Length of filter name */ + size_t i; /* Local index variable */ +- void *ret_value; /* Return value */ ++ const uint8_t *p_end = p + p_size - 1; /* End of the p buffer */ ++ void *ret_value = NULL; /* Return value */ + + FUNC_ENTER_NOAPI_NOINIT + +@@ -123,12 +125,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 + + /* Allocate space for I/O pipeline message */ + if(NULL == (pline = H5FL_CALLOC(H5O_pline_t))) +- HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + + /* Version */ + pline->version = *p++; + if(pline->version < H5O_PLINE_VERSION_1 || pline->version > H5O_PLINE_VERSION_LATEST) +- HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message") ++ HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message") + + /* Number of filters */ + pline->nused = *p++; +@@ -142,12 +144,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 + /* Allocate array for filters */ + pline->nalloc = pline->nused; + if(NULL == (pline->filter = (H5Z_filter_info_t *)H5MM_calloc(pline->nalloc * sizeof(pline->filter[0])))) +- HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + + /* Decode filters */ + for(i = 0, filter = &pline->filter[0]; i < pline->nused; i++, filter++) { + /* Filter ID */ +- UINT16DECODE(p, filter->id); ++ UINT16DECODE(p, filter->id); + + /* Length of filter name */ + if(pline->version > H5O_PLINE_VERSION_1 && filter->id < H5Z_FILTER_RESERVED) +@@ -159,18 +161,18 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 + } /* end if */ + + /* Filter flags */ +- UINT16DECODE(p, filter->flags); ++ UINT16DECODE(p, filter->flags); + + /* Number of filter parameters ("client data elements") */ +- UINT16DECODE(p, filter->cd_nelmts); ++ UINT16DECODE(p, filter->cd_nelmts); + + /* Filter name, if there is one */ +- if(name_length) { ++ if(name_length) { + size_t actual_name_length; /* Actual length of name */ + + /* Determine actual name length (without padding, but with null terminator) */ +- actual_name_length = HDstrlen((const char *)p) + 1; +- HDassert(actual_name_length <= name_length); ++ actual_name_length = HDstrlen((const char *)p) + 1; ++ HDassert(actual_name_length <= name_length); + + /* Allocate space for the filter name, or use the internal buffer */ + if(actual_name_length > H5Z_COMMON_NAME_LEN) { +@@ -181,12 +183,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 + else + filter->name = filter->_name; + +- HDstrncpy(filter->name, (const char *)p, actual_name_length); +- p += name_length; +- } /* end if */ ++ HDstrncpy(filter->name, (const char *)p, actual_name_length); ++ p += name_length; ++ } /* end if */ + + /* Filter parameters */ +- if(filter->cd_nelmts) { ++ if(filter->cd_nelmts) { + size_t j; /* Local index variable */ + + /* Allocate space for the client data elements, or use the internal buffer */ +@@ -198,15 +200,20 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 + else + filter->cd_values = filter->_cd_values; + +- /* +- * Read the client data values and the padding +- */ +- for(j = 0; j < filter->cd_nelmts; j++) +- UINT32DECODE(p, filter->cd_values[j]); ++ /* ++ * Read the client data values and the padding ++ */ ++ for (j = 0; j < filter->cd_nelmts; j++) { ++ if (p + 4 - 1 <= p_end) ++ UINT32DECODE(p, filter->cd_values[j]) ++ else ++ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "ran off the end of the buffer: current p = %p, p_size = %zu, p_end = %p", p, p_size, p_end) ++ } ++ + if(pline->version == H5O_PLINE_VERSION_1) + if(filter->cd_nelmts % 2) + p += 4; /*padding*/ +- } /* end if */ ++ } /* end if */ + } /* end for */ + + /* Set return value */ +diff --git a/src/H5Oprivate.h b/src/H5Oprivate.h +index ca0fc8e633..1f51705243 100644 +--- a/src/H5Oprivate.h ++++ b/src/H5Oprivate.h +@@ -710,7 +710,7 @@ H5_DLL herr_t H5O_msg_get_crt_index(unsigned type_id, const void *mesg, + H5_DLL herr_t H5O_msg_encode(H5F_t *f, unsigned type_id, hbool_t disable_shared, + unsigned char *buf, const void *obj); + H5_DLL void* H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned type_id, const unsigned char *buf); ++ unsigned type_id, size_t buf_size, const unsigned char *buf); + H5_DLL herr_t H5O_msg_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, + unsigned type_id, void *mesg); + H5_DLL int H5O_msg_get_chunkno(const H5O_loc_t *loc, unsigned type_id, hid_t dxpl_id); +diff --git a/src/H5Orefcount.c b/src/H5Orefcount.c +index 22b1a02835..78ff791729 100644 +--- a/src/H5Orefcount.c ++++ b/src/H5Orefcount.c +@@ -32,7 +32,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_refcount_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_refcount_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_refcount_copy(const void *_mesg, void *_dest); + static size_t H5O_refcount_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -89,7 +89,8 @@ H5FL_DEFINE_STATIC(H5O_refcount_t); + */ + static void * + H5O_refcount_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_refcount_t *refcount = NULL; /* Reference count */ + void *ret_value; /* Return value */ +diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c +index 557a44bb3c..627ea190a3 100644 +--- a/src/H5Osdspace.c ++++ b/src/H5Osdspace.c +@@ -26,7 +26,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_sdspace_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg); + static void *H5O_sdspace_copy(const void *_mesg, void *_dest); + static size_t H5O_sdspace_size(const H5F_t *f, const void *_mesg); +@@ -110,7 +110,8 @@ H5FL_ARR_EXTERN(hsize_t); + --------------------------------------------------------------------------*/ + static void * + H5O_sdspace_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5S_extent_t *sdim = NULL;/* New extent dimensionality structure */ + void *ret_value; +diff --git a/src/H5Oshared.c b/src/H5Oshared.c +index 0d692f9489..2475dd5137 100644 +--- a/src/H5Oshared.c ++++ b/src/H5Oshared.c +@@ -156,7 +156,7 @@ H5O_shared_read(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned *ioflags, + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "can't read message from fractal heap.") + + /* Decode the message */ +- if(NULL == (ret_value = (type->decode)(f, dxpl_id, open_oh, 0, ioflags, mesg_ptr))) ++ if(NULL == (ret_value = (type->decode)(f, dxpl_id, open_oh, 0, ioflags, mesg_size, mesg_ptr))) + HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "can't decode shared message.") + } /* end if */ + else { +diff --git a/src/H5Oshared.h b/src/H5Oshared.h +index f71f5f6f36..e60d7ba37b 100644 +--- a/src/H5Oshared.h ++++ b/src/H5Oshared.h +@@ -47,7 +47,7 @@ + */ + static H5_INLINE void * + H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, +- unsigned *ioflags, const uint8_t *p) ++ unsigned *ioflags, size_t p_size, const uint8_t *p) + { + void *ret_value; /* Return value */ + +@@ -67,7 +67,7 @@ H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, + if(mesg_flags & H5O_MSG_FLAG_SHARED) { + /* Retrieve native message info indirectly through shared message */ + if(NULL == (ret_value = H5O_shared_decode(f, dxpl_id, open_oh, ioflags, p, H5O_SHARED_TYPE))) +- HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode shared message") ++ HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode shared message") + + /* We currently do not support automatically fixing shared messages */ + #ifdef H5_STRICT_FORMAT_CHECKS +@@ -79,8 +79,8 @@ H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, + } /* end if */ + else { + /* Decode native message directly */ +- if(NULL == (ret_value = H5O_SHARED_DECODE_REAL(f, dxpl_id, open_oh, mesg_flags, ioflags, p))) +- HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode native message") ++ if(NULL == (ret_value = H5O_SHARED_DECODE_REAL(f, dxpl_id, open_oh, mesg_flags, ioflags, p_size, p))) ++ HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode native message") + } /* end else */ + + done: +diff --git a/src/H5Oshmesg.c b/src/H5Oshmesg.c +index 536f67e8be..489114aee8 100644 +--- a/src/H5Oshmesg.c ++++ b/src/H5Oshmesg.c +@@ -27,7 +27,7 @@ + #include "H5MMprivate.h" /* Memory management */ + + static void *H5O_shmesg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_shmesg_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_shmesg_copy(const void *_mesg, void *_dest); + static size_t H5O_shmesg_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -75,7 +75,8 @@ const H5O_msg_class_t H5O_MSG_SHMESG[1] = {{ + */ + static void * + H5O_shmesg_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_shmesg_table_t *mesg; /* Native message */ + void *ret_value; /* Return value */ +diff --git a/src/H5Ostab.c b/src/H5Ostab.c +index 928307e580..cf8c96a6ad 100644 +--- a/src/H5Ostab.c ++++ b/src/H5Ostab.c +@@ -35,7 +35,7 @@ + + /* PRIVATE PROTOTYPES */ + static void *H5O_stab_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, +- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); ++ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); + static herr_t H5O_stab_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); + static void *H5O_stab_copy(const void *_mesg, void *_dest); + static size_t H5O_stab_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); +@@ -96,7 +96,8 @@ H5FL_DEFINE_STATIC(H5O_stab_t); + */ + static void * + H5O_stab_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, +- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) ++ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, ++ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) + { + H5O_stab_t *stab = NULL; + void *ret_value; /* Return value */ +diff --git a/src/H5S.c b/src/H5S.c +index d03d5235c6..50bee52151 100644 +--- a/src/H5S.c ++++ b/src/H5S.c +@@ -1644,7 +1644,7 @@ H5S_decode(const unsigned char *buf) + + /* Decode the extent part of dataspace */ + /* (pass mostly bogus file pointer and bogus DXPL) */ +- if((extent = (H5S_extent_t *)H5O_msg_decode(f, H5P_DEFAULT, NULL, H5O_SDSPACE_ID, buf))==NULL) ++ if((extent = (H5S_extent_t *)H5O_msg_decode(f, H5P_DEFAULT, NULL, H5O_SDSPACE_ID, extent_size, buf))==NULL) + HGOTO_ERROR(H5E_DATASPACE, H5E_CANTDECODE, NULL, "can't decode object") + buf += extent_size; + +diff --git a/src/H5SM.c b/src/H5SM.c +index 080eb7c54e..b549b593f2 100644 +--- a/src/H5SM.c ++++ b/src/H5SM.c +@@ -69,7 +69,7 @@ static herr_t H5SM_write_mesg(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, + static herr_t H5SM_decr_ref(void *record, void *op_data, hbool_t *changed); + static herr_t H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, + H5SM_index_header_t *header, const H5O_shared_t * mesg, +- unsigned *cache_flags, void ** /*out*/ encoded_mesg); ++ unsigned *cache_flags, size_t * /*out*/ mesg_size, void ** /*out*/ encoded_mesg); + static herr_t H5SM_type_to_flag(unsigned type_id, unsigned *type_flag); + static herr_t H5SM_read_iter_op(H5O_t *oh, H5O_mesg_t *mesg, unsigned sequence, + unsigned *oh_modified, void *_udata); +@@ -1518,6 +1518,7 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) + unsigned cache_flags = H5AC__NO_FLAGS_SET; + H5SM_table_cache_ud_t cache_udata; /* User-data for callback */ + ssize_t index_num; ++ size_t mesg_size = 0; + void *mesg_buf = NULL; + void *native_mesg = NULL; + unsigned type_id; /* Message type ID to operate on */ +@@ -1547,8 +1548,8 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) + * zero and any file space it uses needs to be freed. mesg_buf holds the + * serialized form of the message. + */ +- if(H5SM_delete_from_index(f, dxpl_id, open_oh, &(table->indexes[index_num]), sh_mesg, &cache_flags, &mesg_buf) < 0) +- HGOTO_ERROR(H5E_SOHM, H5E_CANTDELETE, FAIL, "unable to delete mesage from SOHM index") ++ if(H5SM_delete_from_index(f, dxpl_id, open_oh, &(table->indexes[index_num]), sh_mesg, &cache_flags, &mesg_size, &mesg_buf) < 0) ++ HGOTO_ERROR(H5E_SOHM, H5E_CANTDELETE, FAIL, "unable to delete mesage from SOHM index") + + /* Release the master SOHM table */ + if(H5AC_unprotect(f, dxpl_id, H5AC_SOHM_TABLE, H5F_SOHM_ADDR(f), table, cache_flags) < 0) +@@ -1560,7 +1561,7 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) + * master table needs to be unprotected when we do this. + */ + if(mesg_buf) { +- if(NULL == (native_mesg = H5O_msg_decode(f, dxpl_id, open_oh, type_id, (const unsigned char *)mesg_buf))) ++ if(NULL == (native_mesg = H5O_msg_decode(f, dxpl_id, open_oh, type_id, mesg_size, (const unsigned char *)mesg_buf))) + HGOTO_ERROR(H5E_SOHM, H5E_CANTDECODE, FAIL, "can't decode shared message.") + + if(H5O_msg_delete(f, dxpl_id, open_oh, type_id, native_mesg) < 0) +@@ -1747,7 +1748,7 @@ H5SM_decr_ref(void *record, void *op_data, hbool_t *changed) + static herr_t + H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, + H5SM_index_header_t *header, const H5O_shared_t *mesg, +- unsigned *cache_flags, void ** /*out*/ encoded_mesg) ++ unsigned *cache_flags, size_t * /*out*/ mesg_size, void ** /*out*/ encoded_mesg) + { + H5SM_list_t *list = NULL; + H5SM_mesg_key_t key; +@@ -1879,6 +1880,7 @@ H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, + + /* Return the message's encoding so anything it references can be freed */ + *encoded_mesg = encoding_buf; ++ *mesg_size = buf_size; + + /* If there are no messages left in the index, delete it */ + if(header->num_messages == 0) { +@@ -1920,8 +1922,10 @@ done: + /* Free the message encoding, if we're not returning it in encoded_mesg + * or if there's been an error. + */ +- if(encoding_buf && (NULL == *encoded_mesg || ret_value < 0)) ++ if(encoding_buf && (NULL == *encoded_mesg || ret_value < 0)) { + encoding_buf = H5MM_xfree(encoding_buf); ++ *mesg_size = 0; ++ } + + FUNC_LEAVE_NOAPI(ret_value) + } /* end H5SM_delete_from_index() */ +diff --git a/src/H5T.c b/src/H5T.c +index d705b99d33..9eeb7db193 100644 +--- a/src/H5T.c ++++ b/src/H5T.c +@@ -2801,8 +2801,13 @@ H5Tdecode(const void *buf) + if(buf == NULL) + HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "empty buffer") + +- /* Create datatype by decoding buffer */ +- if(NULL == (dt = H5T_decode((const unsigned char *)buf))) ++ /* Create datatype by decoding buffer ++ * There is no way to get the size of the buffer, so we pass in ++ * SIZE_MAX and assume the caller knows what they are doing. ++ * Really fixing this will require an H5Tdecode2() call that ++ * takes a size parameter. ++ */ ++ if(NULL == (dt = H5T_decode(SIZE_MAX, (const unsigned char *)buf))) + HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "can't decode object") + + /* Register the type and return the ID */ +@@ -2891,7 +2896,7 @@ done: + *------------------------------------------------------------------------- + */ + static H5T_t * +-H5T_decode(const unsigned char *buf) ++H5T_decode(size_t buf_size, const unsigned char *buf) + { + H5F_t *f = NULL; /* Fake file structure*/ + H5T_t *ret_value = NULL; /* Return value */ +@@ -2911,7 +2916,7 @@ H5T_decode(const unsigned char *buf) + HGOTO_ERROR(H5E_DATATYPE, H5E_VERSION, NULL, "unknown version of encoded datatype") + + /* Decode the serialized datatype message */ +- if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_ind_dxpl_id, NULL, H5O_DTYPE_ID, buf))) ++ if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_noio_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf))) + HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, NULL, "can't decode object") + + /* Mark datatype as being in memory now */ +diff --git a/src/H5Tprivate.h b/src/H5Tprivate.h +index 81af0567d4..f5191416ad 100644 +--- a/src/H5Tprivate.h ++++ b/src/H5Tprivate.h +@@ -112,6 +112,8 @@ H5_DLL H5T_class_t H5T_get_class(const H5T_t *dt, htri_t internal); + H5_DLL htri_t H5T_detect_class(const H5T_t *dt, H5T_class_t cls, hbool_t from_api); + H5_DLL size_t H5T_get_size(const H5T_t *dt); + H5_DLL int H5T_cmp(const H5T_t *dt1, const H5T_t *dt2, hbool_t superset); ++H5_DLL herr_t H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc); ++H5_DLL H5T_t *H5T_decode(size_t buf_size, const unsigned char *buf); + H5_DLL herr_t H5T_debug(const H5T_t *dt, FILE * stream); + H5_DLL struct H5O_loc_t *H5T_oloc(H5T_t *dt); + H5_DLL H5G_name_t *H5T_nameof(H5T_t *dt); +-- +2.23.0 + diff --git a/CVE-2018-13867.patch b/CVE-2018-13867.patch deleted file mode 100644 index 26fe5a29a905d42f811488886a9150f72b092d14..0000000000000000000000000000000000000000 --- a/CVE-2018-13867.patch +++ /dev/null @@ -1,96 +0,0 @@ -From: Egbert Eich -Date: Mon Oct 10 08:43:44 2022 +0200 -Subject: Validate location (offset) of the accumulated metadata when comparing -Patch-mainline: Not yet -Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5 -Git-commit: 2cf9918ae66f023a2b6d44eb591ee2ac479a6e53 -References: - -Initially, the accumulated metadata location is initialized to HADDR_UNDEF -- the highest available address. Bogus input files may provide a location -or size matching this value. Comparing this address against such bogus -values may provide false positives. This make sure, the value has been -initilized or fail the comparison early and let other parts of the -code deal with the bogus address/size. -Note: To avoid unnecessary checks, we have assumed that if the 'dirty' -member in the same structure is true the location is valid. - -This fixes CVE-2018-13867. - -Signed-off-by: Egbert Eich -Signed-off-by: Egbert Eich ---- - src/H5Faccum.c | 19 +++++++++++++------ - 1 file changed, 13 insertions(+), 6 deletions(-) -diff --git a/src/H5Faccum.c b/src/H5Faccum.c -index aed5812e63..73bd4b811e 100644 ---- a/src/H5Faccum.c -+++ b/src/H5Faccum.c -@@ -48,6 +48,7 @@ - #define H5F_ACCUM_THROTTLE 8 - #define H5F_ACCUM_THRESHOLD 2048 - #define H5F_ACCUM_MAX_SIZE (1024 * 1024) /* Max. accum. buf size (max. I/Os will be 1/2 this size) */ -+#define H5F_LOC_VALID(x) (x != HADDR_UNDEF) - - /******************/ - /* Local Typedefs */ -@@ -126,8 +127,9 @@ H5F__accum_read(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t si - HDassert(!accum->buf || (accum->alloc_size >= accum->size)); - - /* Current read adjoins or overlaps with metadata accumulator */ -- if (H5F_addr_overlap(addr, size, accum->loc, accum->size) || ((addr + size) == accum->loc) || -- (accum->loc + accum->size) == addr) { -+ if (H5F_LOC_VALID(accum->loc) && -+ (H5F_addr_overlap(addr, size, accum->loc, accum->size) || ((addr + size) == accum->loc) || -+ (accum->loc + accum->size) == addr)) { - size_t amount_before; /* Amount to read before current accumulator */ - haddr_t new_addr; /* New address of the accumulator buffer */ - size_t new_size; /* New size of the accumulator buffer */ -@@ -439,7 +441,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s - /* Check if there is already metadata in the accumulator */ - if (accum->size > 0) { - /* Check if the new metadata adjoins the beginning of the current accumulator */ -- if ((addr + size) == accum->loc) { -+ if (H5F_LOC_VALID(accum->loc) -+ && (addr + size) == accum->loc) { - /* Check if we need to adjust accumulator size */ - if (H5F__accum_adjust(accum, file, H5F_ACCUM_PREPEND, size) < 0) - HGOTO_ERROR(H5E_IO, H5E_CANTRESIZE, FAIL, "can't adjust metadata accumulator") -@@ -464,7 +467,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s - accum->dirty_off = 0; - } /* end if */ - /* Check if the new metadata adjoins the end of the current accumulator */ -- else if (addr == (accum->loc + accum->size)) { -+ else if (H5F_LOC_VALID(accum->loc) && -+ addr == (accum->loc + accum->size)) { - /* Check if we need to adjust accumulator size */ - if (H5F__accum_adjust(accum, file, H5F_ACCUM_APPEND, size) < 0) - HGOTO_ERROR(H5E_IO, H5E_CANTRESIZE, FAIL, "can't adjust metadata accumulator") -@@ -485,7 +489,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s - accum->size += size; - } /* end if */ - /* Check if the piece of metadata being written overlaps the metadata accumulator */ -- else if (H5F_addr_overlap(addr, size, accum->loc, accum->size)) { -+ else if (H5F_LOC_VALID(accum->loc) && -+ H5F_addr_overlap(addr, size, accum->loc, accum->size)) { - size_t add_size; /* New size of the accumulator buffer */ - - /* Check if the new metadata is entirely within the current accumulator */ -@@ -745,7 +750,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s - /* (Note that this could be improved by updating the accumulator - * with [some of] the information just read in. -QAK) - */ -- if (H5F_addr_overlap(addr, size, accum->loc, accum->size)) { -+ if (H5F_LOC_VALID(accum->loc) && -+ H5F_addr_overlap(addr, size, accum->loc, accum->size)) { - /* Check for write starting before beginning of accumulator */ - if (H5F_addr_le(addr, accum->loc)) { - /* Check for write ending within accumulator */ -@@ -868,6 +874,7 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr - - /* Adjust the metadata accumulator to remove the freed block, if it overlaps */ - if ((f_sh->feature_flags & H5FD_FEAT_ACCUMULATE_METADATA) && -+ H5F_LOC_VALID(accum->loc) && - H5F_addr_overlap(addr, size, accum->loc, accum->size)) { - size_t overlap_size; /* Size of overlap with accumulator */ - diff --git a/CVE-2018-13869-CVE-2018-13870.patch b/CVE-2018-13869-CVE-2018-13870.patch new file mode 100644 index 0000000000000000000000000000000000000000..b23e8fafc4ac7dde9b5b00ed184250e9444e836c --- /dev/null +++ b/CVE-2018-13869-CVE-2018-13870.patch @@ -0,0 +1,77 @@ +From 068fc878c39a37c0b3865cb6cd01eb57f4dbde74 Mon Sep 17 00:00:00 2001 +From: Binh-Minh Ribler +Date: Mon, 3 Aug 2020 12:48:58 -0500 +Subject: [PATCH] Fix HDFFV-11120 and HDFFV-11121 (CVE-2018-13870 and + CVE-2018-13869) + +Description: + When a buffer overflow occurred because a name length was corrupted + and became very large, h5dump produced a segfault on one file and a + memcpy parameter overlap on another file. This commit added checks + that detect a read pass the end of the buffer to prevent these error + conditions. +Platforms tested: + Linux/64 (jelly) + +--- + src/H5Olink.c | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/src/H5Olink.c b/src/H5Olink.c +index c0dd1d8c4b..e48ec45c74 100644 +--- a/src/H5Olink.c ++++ b/src/H5Olink.c +@@ -118,11 +118,12 @@ H5FL_DEFINE_STATIC(H5O_link_t); + static void * + H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, + unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, +- size_t H5_ATTR_UNUSED p_size, const uint8_t *p) ++ size_t p_size, const uint8_t *p) + { + H5O_link_t *lnk = NULL; /* Pointer to link message */ + size_t len = 0; /* Length of a string in the message */ + unsigned char link_flags; /* Flags for encoding link info */ ++ const uint8_t *p_end = p + p_size; /* End of the p buffer */ + void *ret_value; /* Return value */ + + FUNC_ENTER_NOAPI_NOINIT +@@ -198,6 +199,11 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op + if(len == 0) + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "invalid name length") + ++ /* Make sure that length doesn't exceed buffer size, which could occur ++ when the file is corrupted */ ++ if(p + len > p_end) ++ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer") ++ + /* Get the link's name */ + if(NULL == (lnk->name = (char *)H5MM_malloc(len + 1))) + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") +@@ -217,6 +223,12 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op + UINT16DECODE(p, len) + if(len == 0) + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "invalid link length") ++ ++ /* Make sure that length doesn't exceed buffer size, which could occur ++ when the file is corrupted */ ++ if(p + len > p_end) ++ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer") ++ + if(NULL == (lnk->u.soft.name = (char *)H5MM_malloc((size_t)len + 1))) + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HDmemcpy(lnk->u.soft.name, p, len); +@@ -237,6 +249,11 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op + lnk->u.ud.size = len; + if(len > 0) + { ++ /* Make sure that length doesn't exceed buffer size, which could ++ occur when the file is corrupted */ ++ if(p + len > p_end) ++ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer") ++ + if(NULL == (lnk->u.ud.udata = H5MM_malloc((size_t)len))) + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HDmemcpy(lnk->u.ud.udata, p, len); +-- +2.23.0 + diff --git a/CVE-2018-13873.patch b/CVE-2018-13873.patch new file mode 100644 index 0000000000000000000000000000000000000000..1ee65dc1cf50c17d001a920d507fc397cb56a238 --- /dev/null +++ b/CVE-2018-13873.patch @@ -0,0 +1,54 @@ +From e1b59919bb96f68f3b372a73790ecbe4ac3b395a Mon Sep 17 00:00:00 2001 +From: Binh-Minh Ribler +Date: Sun, 6 Jan 2019 01:44:40 -0600 +Subject: [PATCH] HDFFV-10578 and HDFFV-10676 Description: HDFFV-10578 - + CVE-2018-17234 The file has some issue, however, there was a bug in + h5dump that caused memory leaks after the problem in the file was + encountered. The bug was that an if statement was missing in the + function table_list_add() resulting in the memory not being freed at + a later time. After the fix had been applied, there were no more + leaks after h5dump detected the issue in the file and reported the + error. + + In H5O__chunk_deserialize, replaced an assert with an if statement + and reporting error, per Neil's recommendation + + HDFFV-10676 - CVE-2018-13873 + Also in H5O__chunk_deserialize, added an assertion to detect + out of bound ids +--- + src/H5Ocache.c | 5 ++++- + tools/src/h5dump/h5dump.c | 7 ++++--- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/H5Ocache.c b/src/H5Ocache.c +index fba4f6e586..034048fd4e 100644 +--- a/src/H5Ocache.c ++++ b/src/H5Ocache.c +@@ -1129,6 +1129,8 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message") + if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN)) + HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message") ++ ++ HDassert(id < NELMTS(H5O_msg_class_g)); + if((flags & H5O_MSG_FLAG_SHAREABLE) + && H5O_msg_class_g[id] + && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE)) +diff --git a/tools/src/h5dump/h5dump.c b/tools/src/h5dump/h5dump.c +index b9e37e8379..5267188dad 100644 +--- a/tools/h5dump/h5dump.c ++++ b/tools/h5dump/h5dump.c +@@ -403,9 +403,10 @@ table_list_add(hid_t oid, unsigned long file_no) + } + if(init_objs(oid, &info, &table_list.tables[idx].group_table, + &table_list.tables[idx].dset_table, &table_list.tables[idx].type_table) < 0) { +- H5Idec_ref(oid); +- table_list.nused--; +- return -1; ++ if (H5Idec_ref(oid) < 0) { ++ table_list.nused--; ++ return -1; ++ } + } + + #ifdef H5DUMP_DEBUG diff --git a/CVE-2018-14031.patch b/CVE-2018-14031.patch deleted file mode 100644 index be2803832c7cbee27628c2163d0bd5bb06b33440..0000000000000000000000000000000000000000 --- a/CVE-2018-14031.patch +++ /dev/null @@ -1,35 +0,0 @@ -From: Egbert Eich -Date: Wed Sep 28 14:54:58 2022 +0200 -Subject: H5O_dtype_decode_helper: Parent of enum needs to have same size as enum itself -Patch-mainline: Not yet -Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5 -Git-commit: d39a27113ef75058f236b0606a74b4af5767c4e7 -References: - -The size of the enumeration values is determined by the size of the parent. -Functions accessing the enumeration values use the size of the enumartion -to determine the size of each element and how much data to copy. Thus the -size of the enumeration and its parent need to match. -Check here to avoid unpleasant surprises later. - -This fixes CVE-2018-14031. - -Signed-off-by: Egbert Eich -Signed-off-by: Egbert Eich ---- - src/H5Odtype.c | 3 +++ - 1 file changed, 3 insertions(+) -diff --git a/src/H5Odtype.c b/src/H5Odtype.c -index 9af79f4e9a..dc2b904362 100644 ---- a/src/H5Odtype.c -+++ b/src/H5Odtype.c -@@ -472,6 +472,9 @@ H5O__dtype_decode_helper(unsigned *ioflags /*in,out*/, const uint8_t **pp, H5T_t - if (H5O__dtype_decode_helper(ioflags, pp, dt->shared->parent) < 0) - HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "unable to decode parent datatype") - -+ if (dt->shared->parent->shared->size != dt->shared->size) -+ HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "ENUM size does not match parent") -+ - /* Check if the parent of this enum has a version greater than the - * enum itself. */ - H5O_DTYPE_CHECK_VERSION(dt, version, dt->shared->parent->shared->version, ioflags, "enum", FAIL) diff --git a/CVE-2018-16438.patch b/CVE-2018-16438.patch deleted file mode 100644 index 85504b6854fb0f1633f01e3431f4d2dcb8688e51..0000000000000000000000000000000000000000 --- a/CVE-2018-16438.patch +++ /dev/null @@ -1,34 +0,0 @@ -From: Egbert Eich -Date: Sun Oct 9 08:07:23 2022 +0200 -Subject: Make sure info block for external links has at least 3 bytes -Patch-mainline: Not yet -Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5 -Git-commit: 082bfe392b04b1137da9eabd1ecac76c212ab385 -References: - -According to the specification, the information block for external links -contains 1 byte of version/flag information and two 0 terminated strings -for the object linked to and the full path. -Although not very useful, the minimum string length for each would be one -byte. - -This fixes CVE-2018-16438. - -Signed-off-by: Egbert Eich -Signed-off-by: Egbert Eich ---- - src/H5Olink.c | 2 ++ - 1 file changed, 2 insertions(+) -diff --git a/src/H5Olink.c b/src/H5Olink.c -index 51c44a36b0..074744b022 100644 ---- a/src/H5Olink.c -+++ b/src/H5Olink.c -@@ -241,6 +241,8 @@ H5O__link_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSE - /* A UD link. Get the user-supplied data */ - UINT16DECODE(p, len) - lnk->u.ud.size = len; -+ if (lnk->type == H5L_TYPE_EXTERNAL && len < 3) -+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "external link information lenght < 3") - if (len > 0) { - /* Make sure that length doesn't exceed buffer size, which could - occur when the file is corrupted */ diff --git a/CVE-2018-17233.patch b/CVE-2018-17233.patch new file mode 100644 index 0000000000000000000000000000000000000000..0f2bd276c5df16500b35da837c3ac8b4094c99b7 --- /dev/null +++ b/CVE-2018-17233.patch @@ -0,0 +1,88 @@ +From f891c38c6e724e9032a534512618b9650be76377 Mon Sep 17 00:00:00 2001 +From: Binh-Minh Ribler +Date: Fri, 4 Jan 2019 11:46:29 -0600 +Subject: [PATCH] Fixed CVE division-by-zero issues Description: Fixed + HDFFV-10577 and similar issues found in H5Dchunk.c. All the occurrences + are in: H5D__create_chunk_map_single + H5D__create_chunk_file_map_hyper H5D__chunk_allocate + H5D__chunk_update_old_edge_chunks H5D__chunk_prune_by_extent + H5D__chunk_copy_cb H5D__chunk_collective_fill Also updated + RELEASE.txt for the chunk query functions and removed some blank lines in + chunk_info.c. Platforms tested: Linux/64 (jelly) Linux/64 (platypus) + Darwin (osx1010test) + +--- + src/H5Dchunk.c | 20 +++++++++++++++++++- + 1 file changed, 19 insertions(+), 1 deletion(-) + +diff --git a/src/H5Dchunk.c b/src/H5Dchunk.c +index 021335f..1dc7a25 100644 +--- a/src/H5Dchunk.c ++++ b/src/H5Dchunk.c +@@ -1380,6 +1380,9 @@ H5D__create_chunk_map_single(H5D_chunk_map_t *fm, const H5D_io_info_t + + /* Set chunk location & hyperslab size */ + for(u = 0; u < fm->f_ndims; u++) { ++ /* Validate this chunk dimension */ ++ if(fm->layout->u.chunk.dim[u] == 0) ++ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", u) + HDassert(sel_start[u] == sel_end[u]); + chunk_info->coords[u] = (sel_start[u] / fm->layout->u.chunk.dim[u]) * fm->layout->u.chunk.dim[u]; + } /* end for */ +@@ -1465,6 +1468,9 @@ H5D__create_chunk_file_map_hyper(H5D_chunk_map_t *fm, const H5D_io_info_t + + /* Set initial chunk location & hyperslab size */ + for(u = 0; u < fm->f_ndims; u++) { ++ /* Validate this chunk dimension */ ++ if(fm->layout->u.chunk.dim[u] == 0) ++ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", u) + start_coords[u] = (sel_start[u] / fm->layout->u.chunk.dim[u]) * fm->layout->u.chunk.dim[u]; + coords[u] = start_coords[u]; + end[u] = (coords[u] + fm->chunk_dim[u]) - 1; +@@ -3595,6 +3601,9 @@ H5D__chunk_allocate(const H5D_t *dset, hid_t dxpl_id, hbool_t full_overwrite, + * that we assume here that all elements of space_dim are > 0. This is + * checked at the top of this function */ + for(op_dim=0; op_dim 0, dim = %u ", op_dim) + min_unalloc[op_dim] = ((old_dim[op_dim] + chunk_dim[op_dim] - 1) + / chunk_dim[op_dim]) * chunk_dim[op_dim]; + max_unalloc[op_dim] = ((space_dim[op_dim] - 1) / chunk_dim[op_dim]) +@@ -3865,6 +3874,8 @@ H5D__chunk_collective_fill(const H5D_t *dset, hid_t dxpl_id, + HGOTO_ERROR(H5E_PLIST, H5E_CANTCOPY, FAIL, "can't copy property list") + + /* Distribute evenly the number of blocks between processes. */ ++ if(mpi_size == 0) ++ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "Resulted in division by zero") + num_blocks = chunk_info->num_io / mpi_size; /* value should be the same on all procs */ + + /* after evenly distributing the blocks between processes, are +@@ -4324,6 +4335,10 @@ H5D__chunk_prune_by_extent(H5D_t *dset, hid_t dxpl_id, const hsize_t *old_dim) + HDmemset(min_mod_chunk_off, 0, sizeof(min_mod_chunk_off)); + HDmemset(max_mod_chunk_off, 0, sizeof(max_mod_chunk_off)); + for(op_dim = 0; op_dim < space_ndims; op_dim++) { ++ /* Validate this chunk dimension */ ++ if(chunk_dim[op_dim] == 0) ++ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", op_dim) ++ + /* Calculate the largest offset of chunks that might need to be + * modified in this dimension */ + max_mod_chunk_off[op_dim] = chunk_dim[op_dim] * ((old_dim[op_dim] - 1) +@@ -4929,9 +4944,12 @@ H5D__chunk_copy_cb(const H5D_chunk_rec_t *chunk_rec, void *_udata) + /* (background buffer has already been zeroed out, if not expanding) */ + if(udata->cpy_info->expand_ref) { + size_t ref_count; ++ size_t dt_size; + + /* Determine # of reference elements to copy */ +- ref_count = nbytes / H5T_get_size(udata->dt_src); ++ if((dt_size = H5T_get_size(udata->dt_src)) == 0) ++ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "size must not be 0") ++ ref_count = nbytes / dt_size; + + /* Copy the reference elements */ + if(H5O_copy_expand_ref(udata->file_src, buf, udata->idx_info_dst->dxpl_id, udata->idx_info_dst->f, bkg, ref_count, H5T_get_ref_type(udata->dt_src), udata->cpy_info) < 0) +-- +2.23.0 + diff --git a/CVE-2018-17234.patch b/CVE-2018-17234.patch new file mode 100644 index 0000000000000000000000000000000000000000..31d893793315af7a03d8cad1791c3cb81b8b9354 --- /dev/null +++ b/CVE-2018-17234.patch @@ -0,0 +1,84 @@ +From f4138013dbc6851e968ea3d37b32776538ef306b Mon Sep 17 00:00:00 2001 +From: Binh-Minh Ribler +Date: Tue, 15 Jan 2019 13:07:22 -0600 +Subject: [PATCH] Fixed HDFFV-10578 + +Description: + - HDFFV-10578 - CVE-2018-17234 Memory leak in H5O__chunk_deserialize() + Actually, the leak was in h5tools_util. Applied Neil's fix. + - Changed an assert to if/HGOTO_ERROR to fail gracefully. +Platforms tested: + Linux/64 (jelly) + Linux/64 (platypus) + Darwin (osx1010test) +--- + src/H5Ocache.c | 3 ++- + src/H5VM.c | 2 +- + tools/lib/h5tools_utils.c | 17 ++++++++++++++++- + 3 files changed, 19 insertions(+), 3 deletions(-) + +diff --git a/src/H5Ocache.c b/src/H5Ocache.c +index ebae3f5..454b287 100644 +--- a/src/H5Ocache.c ++++ b/src/H5Ocache.c +@@ -1116,7 +1116,8 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image, + + /* Message size */ + UINT16DECODE(p, mesg_size); +- HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size)); ++ if(mesg_size != H5O_ALIGN_OH(oh, mesg_size)) ++ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned") + + /* Message flags */ + flags = *p++; +diff --git a/src/H5VM.c b/src/H5VM.c +index 4e48001..db6362c 100644 +--- a/src/H5VM.c ++++ b/src/H5VM.c +@@ -1503,7 +1503,7 @@ done: + * + * Purpose: Given source and destination buffers in memory (SRC & DST) + * copy sequences of from the source buffer into the destination +- * buffer. Each set of sequnces has an array of lengths, an ++ * buffer. Each set of sequences has an array of lengths, an + * array of offsets, the maximum number of sequences and the + * current sequence to start at in the sequence. + * +diff --git a/tools/lib/h5tools_utils.c b/tools/lib/h5tools_utils.c +index 3f66ef6..2e19bfa 100644 +--- a/tools/lib/h5tools_utils.c ++++ b/tools/lib/h5tools_utils.c +@@ -562,6 +562,8 @@ herr_t + init_objs(hid_t fid, find_objs_t *info, table_t **group_table, + table_t **dset_table, table_t **type_table) + { ++ herr_t ret_value = SUCCEED; ++ + /* Initialize the tables */ + init_table(group_table); + init_table(dset_table); +@@ -574,7 +576,20 @@ init_objs(hid_t fid, find_objs_t *info, table_t **group_table, + info->dset_table = *dset_table; + + /* Find all shared objects */ +- return(h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info)); ++ if((ret_value = h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info)) <0) ++ HGOTO_ERROR(FAIL, H5E_tools_min_id_g, "finding shared objects failed") ++ ++done: ++ /* Release resources */ ++ if(ret_value < 0) { ++ free_table(*group_table); ++ info->group_table = NULL; ++ free_table(*type_table); ++ info->type_table = NULL; ++ free_table(*dset_table); ++ info->dset_table = NULL; ++ } ++ return ret_value; + } + + +-- +2.23.0 + diff --git a/CVE-2018-17237.patch b/CVE-2018-17237.patch new file mode 100644 index 0000000000000000000000000000000000000000..51d78e942bc3f3fb5af109528aa87af3bd90664a --- /dev/null +++ b/CVE-2018-17237.patch @@ -0,0 +1,247 @@ +From 4e31361dad4add06792b652dbe5b97e501f9031d Mon Sep 17 00:00:00 2001 +From: Songyu Lu +Date: Tue, 12 Feb 2019 13:48:49 -0600 +Subject: [PATCH] I'm bringing the fixes for the following Jira issues from the + develop branch to 1.10 branch: HDFFV-10571: Divided by Zero vulnerability. + HDFFV-10601: Issues with chunk cache hash value calcuation. HDFFV-10607: + Patches for warnings in the core libraries. HDFFV-10635: HDF5 library + segmentation fault with H5Sselect_element. + +--- + src/H5Dchunk.c | 3 ++ + src/H5HG.c | 8 +++- + src/H5Olayout.c | 8 +++- + src/H5RS.c | 4 +- + src/H5RSprivate.h | 2 +- + test/tvlstr.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 122 insertions(+), 5 deletions(-) + +diff --git a/src/H5Dchunk.c b/src/H5Dchunk.c +index 021335f..6183ad8 100644 +--- a/src/H5Dchunk.c ++++ b/src/H5Dchunk.c +@@ -641,6 +641,9 @@ H5D__chunk_set_info_real(H5O_layout_chunk_t *layout, unsigned ndims, const hsize + + /* Compute the # of chunks in dataset dimensions */ + for(u = 0, layout->nchunks = 1; u < ndims; u++) { ++ /* Sanity check */ ++ HDassert(layout->dim[u] > 0); ++ + /* Round up to the next integer # of chunks, to accomodate partial chunks */ + layout->chunks[u] = ((curr_dims[u] + layout->dim[u]) - 1) / layout->dim[u]; + +diff --git a/src/H5HG.c b/src/H5HG.c +index 194e4eb..e07ca0e 100644 +--- a/src/H5HG.c ++++ b/src/H5HG.c +@@ -757,7 +757,13 @@ H5HG_remove (H5F_t *f, hid_t dxpl_id, H5HG_t *hobj) + HGOTO_ERROR(H5E_HEAP, H5E_CANTPROTECT, FAIL, "unable to protect global heap") + + HDassert(hobj->idx < heap->nused); +- HDassert(heap->obj[hobj->idx].begin); ++ /* When the application selects the same location to rewrite the VL element by using H5Sselect_elements, ++ * it can happen that the entry has been removed by first rewrite. Here we simply skip the removal of ++ * the entry and let the second rewrite happen (see HDFFV-10635). In the future, it'd be nice to handle ++ * this situation in H5T_conv_vlen in H5Tconv.c instead of this level (HDFFV-10648). */ ++ if(heap->obj[hobj->idx].nrefs == 0 && heap->obj[hobj->idx].size == 0 && !heap->obj[hobj->idx].begin) ++ HGOTO_DONE(ret_value) ++ + obj_start = heap->obj[hobj->idx].begin; + /* Include object header size */ + need = H5HG_ALIGN(heap->obj[hobj->idx].size) + H5HG_SIZEOF_OBJHDR(f); +diff --git a/src/H5Olayout.c b/src/H5Olayout.c +index 17385c2..3bbee12 100644 +--- a/src/H5Olayout.c ++++ b/src/H5Olayout.c +@@ -223,9 +223,15 @@ H5O_layout_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED * + H5F_addr_decode(f, &p, &(mesg->storage.u.chunk.idx_addr)); + + /* Chunk dimensions */ +- for(u = 0; u < mesg->u.chunk.ndims; u++) ++ for(u = 0; u < mesg->u.chunk.ndims; u++) { + UINT32DECODE(p, mesg->u.chunk.dim[u]); + ++ /* Just in case that something goes very wrong, such as file corruption. */ ++ if(mesg->u.chunk.dim[u] == 0) ++ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, NULL, "chunk dimension must be positive: mesg->u.chunk.dim[%u] = %u", ++ u, mesg->u.chunk.dim[u]) ++ } /* end for */ ++ + /* Compute chunk size */ + for(u = 1, mesg->u.chunk.size = mesg->u.chunk.dim[0]; u < mesg->u.chunk.ndims; u++) + mesg->u.chunk.size *= mesg->u.chunk.dim[u]; +diff --git a/src/H5RS.c b/src/H5RS.c +index 0a3fff0..ae500c5 100644 +--- a/src/H5RS.c ++++ b/src/H5RS.c +@@ -137,7 +137,7 @@ done: + REVISION LOG + --------------------------------------------------------------------------*/ + H5RS_str_t * +-H5RS_wrap(char *s) ++H5RS_wrap(const char *s) + { + H5RS_str_t *ret_value; /* Return value */ + +@@ -148,7 +148,7 @@ H5RS_wrap(char *s) + HGOTO_ERROR(H5E_RS, H5E_NOSPACE, NULL, "memory allocation failed") + + /* Set the internal fields */ +- ret_value->s = s; ++ ret_value->s = (char *)s; + ret_value->wrapped = 1; + ret_value->n = 1; + +diff --git a/src/H5RSprivate.h b/src/H5RSprivate.h +index f69624a..1d26a18 100644 +--- a/src/H5RSprivate.h ++++ b/src/H5RSprivate.h +@@ -44,7 +44,7 @@ typedef struct H5RS_str_t H5RS_str_t; + /* Private routines */ + /********************/ + H5_DLL H5RS_str_t *H5RS_create(const char *s); +-H5_DLL H5RS_str_t *H5RS_wrap(char *s); ++H5_DLL H5RS_str_t *H5RS_wrap(const char *s); + H5_DLL H5RS_str_t *H5RS_own(char *s); + H5_DLL herr_t H5RS_decr(H5RS_str_t *rs); + H5_DLL herr_t H5RS_incr(H5RS_str_t *rs); +diff --git a/test/tvlstr.c b/test/tvlstr.c +index e5b2a60..bb860a2 100644 +--- a/test/tvlstr.c ++++ b/test/tvlstr.c +@@ -25,10 +25,14 @@ + + #define DATAFILE "tvlstr.h5" + #define DATAFILE2 "tvlstr2.h5" ++#define DATAFILE3 "sel2el.h5" ++ ++#define DATASET "1Darray" + + /* 1-D dataset with fixed dimensions */ + #define SPACE1_RANK 1 + #define SPACE1_DIM1 4 ++#define NUMP 4 + + #define VLSTR_TYPE "vl_string_type" + +@@ -846,6 +850,101 @@ static void test_vl_rewrite(void) + return; + } /* end test_vl_rewrite() */ + ++/**************************************************************** ++ ** ++ ** test_write_same_element(): ++ ** Tests writing to the same element of VL string using ++ ** H5Sselect_element. ++ ** ++ ****************************************************************/ ++static void test_write_same_element(void) ++{ ++ hid_t file1, dataset1; ++ hid_t mspace, fspace, dtype; ++ hsize_t fdim[] = {SPACE1_DIM1}; ++ char *val[SPACE1_DIM1] = {"But", "reuniting", "is a", "great joy"}; ++ hsize_t marray[] = {NUMP}; ++ hsize_t coord[SPACE1_RANK][NUMP]; ++ herr_t ret; ++ ++ char *wdata[SPACE1_DIM1] = {"Parting", "is such a", "sweet", "sorrow."}; ++ ++ file1 = H5Fcreate(DATAFILE3, H5F_ACC_TRUNC, H5P_DEFAULT, H5P_DEFAULT); ++ CHECK(file1, FAIL, "H5Fcreate"); ++ ++ dtype = H5Tcopy(H5T_C_S1); ++ CHECK(dtype, FAIL, "H5Tcopy"); ++ ++ ret = H5Tset_size(dtype, H5T_VARIABLE); ++ CHECK(ret, FAIL, "H5Tset_size"); ++ ++ fspace = H5Screate_simple(SPACE1_RANK, fdim, NULL); ++ CHECK(fspace, FAIL, "H5Screate_simple"); ++ ++ dataset1 = H5Dcreate(file1, DATASET, dtype, fspace, H5P_DEFAULT, ++ H5P_DEFAULT, H5P_DEFAULT); ++ CHECK(dataset1, FAIL, "H5Dcreate"); ++ ++ ret = H5Dwrite(dataset1, dtype, H5S_ALL, H5S_ALL, H5P_DEFAULT, wdata); ++ CHECK(ret, FAIL, "H5Dwrite"); ++ ++ ret = H5Dclose(dataset1); ++ CHECK(ret, FAIL, "H5Dclose"); ++ ++ ret = H5Tclose(dtype); ++ CHECK(ret, FAIL, "H5Tclose"); ++ ++ ret = H5Sclose(fspace); ++ CHECK(ret, FAIL, "H5Sclose"); ++ ++ ret = H5Fclose(file1); ++ CHECK(ret, FAIL, "H5Fclose"); ++ ++ /* ++ * Open the file. Select the same points, write values to those point locations. ++ */ ++ file1 = H5Fopen(DATAFILE3, H5F_ACC_RDWR, H5P_DEFAULT); ++ CHECK(file1, FAIL, "H5Fopen"); ++ ++ dataset1 = H5Dopen(file1, DATASET, H5P_DEFAULT); ++ CHECK(dataset1, FAIL, "H5Dopen"); ++ ++ fspace = H5Dget_space(dataset1); ++ CHECK(fspace, FAIL, "H5Dget_space"); ++ ++ dtype = H5Dget_type(dataset1); ++ CHECK(dtype, FAIL, "H5Dget_type"); ++ ++ mspace = H5Screate_simple(1, marray, NULL); ++ CHECK(mspace, FAIL, "H5Screate_simple"); ++ ++ coord[0][0] = 0; ++ coord[0][1] = 2; ++ coord[0][2] = 2; ++ coord[0][3] = 0; ++ ++ ret = H5Sselect_elements(fspace, H5S_SELECT_SET, NUMP, (const hsize_t *)&coord); ++ CHECK(ret, FAIL, "H5Sselect_elements"); ++ ++ ret = H5Dwrite(dataset1, dtype, mspace, fspace, H5P_DEFAULT, val); ++ CHECK(ret, FAIL, "H5Dwrite"); ++ ++ ret = H5Tclose(dtype); ++ CHECK(ret, FAIL, "H5Tclose"); ++ ++ ret = H5Dclose(dataset1); ++ CHECK(ret, FAIL, "H5Dclose"); ++ ++ ret = H5Sclose(fspace); ++ CHECK(ret, FAIL, "H5Dclose"); ++ ++ ret = H5Sclose(mspace); ++ CHECK(ret, FAIL, "H5Sclose"); ++ ++ ret = H5Fclose(file1); ++ CHECK(ret, FAIL, "H5Fclose"); ++} /* test_write_same_element */ ++ + /**************************************************************** + ** + ** test_vlstrings(): Main VL string testing routine. +@@ -870,6 +969,8 @@ test_vlstrings(void) + + /* Test writing VL datasets in files with lots of unlinking */ + test_vl_rewrite(); ++ /* Test writing to the same element more than once using H5Sselect_elements */ ++ test_write_same_element(); + } /* test_vlstrings() */ + + +@@ -892,5 +993,6 @@ cleanup_vlstrings(void) + { + HDremove(DATAFILE); + HDremove(DATAFILE2); ++ HDremove(DATAFILE3); + } + +-- +2.23.0 + diff --git a/CVE-2018-17432.patch b/CVE-2018-17432.patch new file mode 100644 index 0000000000000000000000000000000000000000..a3e583667772f108c162c18d838bc68efa35b6c0 --- /dev/null +++ b/CVE-2018-17432.patch @@ -0,0 +1,61 @@ +From 7bfa10018ecf5efe54b4a699bb684d31468c8b42 Mon Sep 17 00:00:00 2001 +From: Binh-Minh Ribler +Date: Mon, 26 Oct 2020 08:36:27 -0500 +Subject: [PATCH] Fix HDFFV-10590 + +Description + This is to fix the CVE issue CVE-2018-17432. + h5repack produced a segfault on a corrupted file. This fix modified +the + dataspace encode and decode functions per Quincey's suggestion to +prevent + the segfault. h5repack only failed for the corrupted file now. +Platforms tested: + Linux/64 (jelly) + +--- + src/H5Osdspace.c | 23 +- + 1 files changed, 14 insertions(+), 9 deletions(-) + +diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c +index 627ea190a3..6e34960d87 100644 +--- a/src/H5Osdspace.c ++++ b/src/H5Osdspace.c +@@ -143,8 +143,11 @@ H5O_sdspace_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED + flags = *p++; + + /* Get or determine the type of the extent */ +- if(version >= H5O_SDSPACE_VERSION_2) ++ if(version >= H5O_SDSPACE_VERSION_2) { + sdim->type = (H5S_class_t)*p++; ++ if(sdim->type != H5S_SIMPLE && sdim->rank > 0) ++ HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "invalid rank for scalar or NULL dataspace") ++ } /* end if */ + else { + /* Set the dataspace type to be simple or scalar as appropriate */ + if(sdim->rank > 0) +@@ -267,14 +270,16 @@ H5O_sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg) + *p++ = 0; /*reserved*/ + } /* end else */ + +- /* Current & maximum dimensions */ +- if(sdim->rank > 0) { +- for(u = 0; u < sdim->rank; u++) +- H5F_ENCODE_LENGTH(f, p, sdim->size[u]); +- if(flags & H5S_VALID_MAX) { +- for(u = 0; u < sdim->rank; u++) +- H5F_ENCODE_LENGTH(f, p, sdim->max[u]); +- } /* end if */ ++ /* Encode dataspace dimensions for simple dataspaces */ ++ if(H5S_SIMPLE == sdim->type) { ++ /* Encode current & maximum dimensions */ ++ if(sdim->rank > 0) { ++ for(u = 0; u < sdim->rank; u++) ++ H5F_ENCODE_LENGTH(f, p, sdim->size[u]); ++ if(flags & H5S_VALID_MAX) ++ for(u = 0; u < sdim->rank; u++) ++ H5F_ENCODE_LENGTH(f, p, sdim->max[u]); ++ } /* end if */ + } /* end if */ + + FUNC_LEAVE_NOAPI(SUCCEED) diff --git a/CVE-2018-17434-CVE-2018-17437.patch b/CVE-2018-17434-CVE-2018-17437.patch new file mode 100644 index 0000000000000000000000000000000000000000..b57c6968ddb8af6880c13f4a1e2115364712cb33 --- /dev/null +++ b/CVE-2018-17434-CVE-2018-17437.patch @@ -0,0 +1,200 @@ +From 02d03b4624122955ee3de635699a4e3880fea377 Mon Sep 17 00:00:00 2001 +From: Binh-Minh Ribler +Date: Wed, 30 Jan 2019 20:04:30 -0600 +Subject: [PATCH] Fixed HDFFV-10586, HDFFV-10588, and HDFFV-10684 + +Description: + HDFFV-10586 CVE-2018-17434 Divide by zero in h5repack_filters + Added a check for zero value + HDFFV-10588 CVE-2018-17437 Memory leak in H5O_dtype_decode_helper + This is actually an Invalid read issue. It was found that the + attribute name length in an attribute message was corrupted, + which caused the buffer pointer to be advanced too far and later + caused an invalid read. + Added a check to detect attribute name and its length mismatch. The + fix does not cover all cases, but it'll reduce the chance of this issue + when a name length is corrupted or the attribute name is corrupted. + HDFFV-10684 H5Ewalk does not stop until all errors in the stack are visited + The test for HDFFV-10588 has revealed a bug in H5Ewalk. + H5Ewalk did not stop midway even when the call back function returns + H5_ITER_STOP. This is because a condition is missing from the for + loops in H5E__walk causing the callback functions unable to stop until + all the errors in the stack are iterated. Quincey advised on the final + fix. In this fix, "status" is switched to "ret_value" and HGOTO_ERROR + to HERROR, and the for loops won't continue when "ret_value" is not 0. +Platforms tested: + Linux/64 (jelly) + Linux/64 (platypus) + Darwin (osx1011test) +--- + src/H5E.c | 6 ++--- + src/H5Eint.c | 37 ++++++++++++++----------------- + src/H5Oattr.c | 5 +++++ + tools/h5repack/h5repack_filters.c | 6 +++-- + 4 files changed, 29 insertions(+), 25 deletions(-) + +diff --git a/src/H5E.c b/src/H5E.c +index a94c5bc..e8da166 100644 +--- a/src/H5E.c ++++ b/src/H5E.c +@@ -1471,7 +1471,7 @@ done: + * + * Purpose: Prints the error stack in some default way. This is just a + * convenience function for H5Ewalk() with a function that +- * prints error messages. Users are encouraged to write there ++ * prints error messages. Users are encouraged to write their + * own more specific error handlers. + * + * Return: Non-negative on success/Negative on failure +@@ -1553,8 +1553,8 @@ H5Ewalk2(hid_t err_stack, H5E_direction_t direction, H5E_walk2_t stack_func, voi + /* Walk the error stack */ + op.vers = 2; + op.u.func2 = stack_func; +- if(H5E_walk(estack, direction, &op, client_data) < 0) +- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack") ++ if((ret_value = H5E_walk(estack, direction, &op, client_data)) < 0) ++ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack"); + + done: + FUNC_LEAVE_API(ret_value) +diff --git a/src/H5Eint.c b/src/H5Eint.c +index 636866b..85edb90 100644 +--- a/src/H5Eint.c ++++ b/src/H5Eint.c +@@ -442,13 +442,13 @@ done: + /*------------------------------------------------------------------------- + * Function: H5E_print + * +- * Purpose: Private function to print the error stack in some default ++ * Purpose: Private function to print the error stack in some default + * way. This is just a convenience function for H5Ewalk() and + * H5Ewalk2() with a function that prints error messages. +- * Users are encouraged to write there own more specific error ++ * Users are encouraged to write their own more specific error + * handlers. + * +- * Return: Non-negative on success/Negative on failure ++ * Return: Non-negative on success/Negative on failure + * + * Programmer: Robb Matzke + * Friday, February 27, 1998 +@@ -533,9 +533,8 @@ herr_t + H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op, + void *client_data) + { +- int i; /* Local index variable */ +- herr_t status; /* Status from callback function */ +- herr_t ret_value = SUCCEED; /* Return value */ ++ int i; /* Local index variable */ ++ herr_t ret_value = H5_ITER_CONT; /* Return value */ + + FUNC_ENTER_NOAPI_NOINIT + +@@ -553,9 +552,8 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op + if(op->u.func1) { + H5E_error1_t old_err; + +- status = SUCCEED; + if(H5E_WALK_UPWARD == direction) { +- for(i = 0; i < (int)estack->nused && status >= 0; i++) { ++ for(i = 0; i < (int)estack->nused && ret_value == H5_ITER_CONT; i++) { + /* Point to each error record on the stack and pass it to callback function.*/ + old_err.maj_num = estack->slot[i].maj_num; + old_err.min_num = estack->slot[i].min_num; +@@ -564,12 +562,12 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op + old_err.desc = estack->slot[i].desc; + old_err.line = estack->slot[i].line; + +- status = (op->u.func1)(i, &old_err, client_data); ++ ret_value = (op->u.func1)(i, &old_err, client_data); + } /* end for */ + } /* end if */ + else { + H5_CHECK_OVERFLOW(estack->nused - 1, size_t, int); +- for(i = (int)(estack->nused - 1); i >= 0 && status >= 0; i--) { ++ for(i = (int)(estack->nused - 1); i >= 0 && ret_value == H5_ITER_CONT; i--) { + /* Point to each error record on the stack and pass it to callback function.*/ + old_err.maj_num = estack->slot[i].maj_num; + old_err.min_num = estack->slot[i].min_num; +@@ -578,12 +576,12 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op + old_err.desc = estack->slot[i].desc; + old_err.line = estack->slot[i].line; + +- status = (op->u.func1)((int)(estack->nused - (size_t)(i + 1)), &old_err, client_data); ++ ret_value = (op->u.func1)((int)(estack->nused - (size_t)(i + 1)), &old_err, client_data); + } /* end for */ + } /* end else */ + +- if(status < 0) +- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack") ++ if(ret_value < 0) ++ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack"); + } /* end if */ + #else /* H5_NO_DEPRECATED_SYMBOLS */ + HDassert(0 && "version 1 error stack walk without deprecated symbols!"); +@@ -592,19 +590,18 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op + else { + HDassert(op->vers == 2); + if(op->u.func2) { +- status = SUCCEED; + if(H5E_WALK_UPWARD == direction) { +- for(i = 0; i < (int)estack->nused && status >= 0; i++) +- status = (op->u.func2)((unsigned)i, estack->slot + i, client_data); ++ for(i = 0; i < (int)estack->nused && ret_value == H5_ITER_CONT; i++) ++ ret_value = (op->u.func2)((unsigned)i, estack->slot + i, client_data); + } /* end if */ + else { + H5_CHECK_OVERFLOW(estack->nused - 1, size_t, int); +- for(i = (int)(estack->nused - 1); i >= 0 && status >= 0; i--) +- status = (op->u.func2)((unsigned)(estack->nused - (size_t)(i + 1)), estack->slot + i, client_data); ++ for(i = (int)(estack->nused - 1); i >= 0 && ret_value == H5_ITER_CONT; i--) ++ ret_value = (op->u.func2)((unsigned)(estack->nused - (size_t)(i + 1)), estack->slot + i, client_data); + } /* end else */ + +- if(status < 0) +- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack") ++ if(ret_value < 0) ++ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack"); + } /* end if */ + } /* end else */ + +diff --git a/src/H5Oattr.c b/src/H5Oattr.c +index 149f04a..a8d2a31 100644 +--- a/src/H5Oattr.c ++++ b/src/H5Oattr.c +@@ -175,6 +175,11 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED + /* Decode and store the name */ + if(NULL == (attr->shared->name = H5MM_strdup((const char *)p))) + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") ++ ++ /* Make an attempt to detect corrupted name or name length - HDFFV-10588 */ ++ if(name_len != (HDstrlen(attr->shared->name) + 1)) ++ HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "attribute name has different length than stored length") ++ + if(attr->shared->version < H5O_ATTR_VERSION_2) + p += H5O_ALIGN_OLD(name_len); /* advance the memory pointer */ + else +diff --git a/tools/h5repack/h5repack_filters.c b/tools/h5repack/h5repack_filters.c +index 523f81a..1eea3e9 100644 +--- a/tools/h5repack/h5repack_filters.c ++++ b/tools/h5repack/h5repack_filters.c +@@ -333,12 +333,14 @@ int apply_filters(const char* name, /* object name from traverse list */ + + sm_nbytes = msize; + for (i = rank; i > 0; --i) { +- hsize_t size = H5TOOLS_BUFSIZE / sm_nbytes; ++ hsize_t size = 0; ++ if(sm_nbytes == 0) ++ HGOTO_ERROR(FAIL, H5E_tools_min_id_g, "number of bytes per stripmine must be > 0"); ++ size = H5TOOLS_BUFSIZE / sm_nbytes; + if (size == 0) /* datum size > H5TOOLS_BUFSIZE */ + size = 1; + sm_size[i - 1] = MIN(dims[i - 1], size); + sm_nbytes *= sm_size[i - 1]; +- HDassert(sm_nbytes > 0); + } + + for (i = 0; i < rank; i++) { +-- +2.23.0 + diff --git a/CVE-2018-17435.patch b/CVE-2018-17435.patch new file mode 100644 index 0000000000000000000000000000000000000000..f753fa2173b7ca49362f3b7c9834cdb4ded61824 --- /dev/null +++ b/CVE-2018-17435.patch @@ -0,0 +1,114 @@ +From c12da4884f18dda4c9dbc23efd10eb053ec7cf0d Mon Sep 17 00:00:00 2001 +From: Binh-Minh Ribler +Date: Fri, 19 Jun 2020 10:53:32 -0500 +Subject: [PATCH] Fix HDFFV-10591 + +Description: + h52gif produced a segfault when a buffer overflow occurred because + the data size was corrupted and became very large. This commit +added + a check on the data size against the buffer size to prevent the +segfault. + It also added error reporting to h52gif to display an error message + instead of silently exiting when the failure occurred. +Platforms tested: + Linux/64 (jelly) + SunOS 5.11 (emu) + +--- + hl/src/H5IM.c | 3 ++- + hl/tools/gif2h5/hdf2gif.c | 19 +++++++++++++++---- + src/H5Oattr.c | 5 +++++ + 3 files changed, 22 insertions(+), 5 deletions(-) + +diff --git a/hl/src/H5IM.c b/hl/src/H5IM.c +index f76f029ae2..495f296625 100644 +--- a/hl/src/H5IM.c ++++ b/hl/src/H5IM.c +@@ -274,7 +274,8 @@ herr_t H5IMget_image_info( hid_t loc_id, + return -1; + + /* Try to find the attribute "INTERLACE_MODE" on the >>image<< dataset */ +- has_attr = H5LT_find_attribute(did, "INTERLACE_MODE"); ++ if ((has_attr = H5LT_find_attribute(did, "INTERLACE_MODE")) < 0) ++ goto out; + + /* It exists, get it */ + if(has_attr == 1) +diff --git a/hl/tools/gif2h5/hdf2gif.c b/hl/tools/gif2h5/hdf2gif.c +index ce9d8786f8..ec81194a71 100644 +--- a/hl/tools/gif2h5/hdf2gif.c ++++ b/hl/tools/gif2h5/hdf2gif.c +@@ -143,17 +143,22 @@ int main(int argc , char **argv) + goto out; + } + +- /* read image */ ++ /* get image's information */ + if ( H5IMget_image_info( fid, image_name, &width, &height, &planes, interlace, &npals ) < 0 ) ++ { ++ fprintf(stderr , "Unable to get information of the image. Aborting.\n"); + goto out; ++ } + +- if (width > IMAGE_WIDTH_MAX || height > IMAGE_HEIGHT_MAX){ ++ if (width > IMAGE_WIDTH_MAX || height > IMAGE_HEIGHT_MAX) ++ { + fprintf(stderr, "HDF5 image is too large. Limit is %d by %d.\n", IMAGE_WIDTH_MAX, IMAGE_HEIGHT_MAX); + goto out; + } + + /* tool can handle single plane images only. */ +- if (planes > 1){ ++ if (planes > 1) ++ { + fprintf(stderr, "Cannot handle multiple planes image\n"); + goto out; + } +@@ -161,12 +166,18 @@ int main(int argc , char **argv) + Image = (BYTE*) malloc( (size_t) width * (size_t) height ); + + if ( H5IMread_image( fid, image_name, Image ) < 0 ) ++ { ++ fprintf(stderr , "Unable to read the image. Aborting.\n"); + goto out; ++ } + + if (npals) + { + if ( H5IMget_palette_info( fid, image_name, 0, pal_dims ) < 0 ) ++ { ++ fprintf(stderr , "Unable to get information of the palette. Aborting.\n"); + goto out; ++ } + + pal = (BYTE*) malloc( (size_t) pal_dims[0] * (size_t) pal_dims[1] ); + +@@ -240,7 +251,7 @@ int main(int argc , char **argv) + if (j==i) + { + /* wasn't found */ +- pc2nc[i] = (BYTE)nc; ++ pc2nc[i] = (BYTE)nc; + r1[nc] = Red[i]; + g1[nc] = Green[i]; + b1[nc] = Blue[i]; +diff --git a/src/H5Oattr.c b/src/H5Oattr.c +index 882912155a..a13c944264 100644 +--- a/src/H5Oattr.c ++++ b/src/H5Oattr.c +@@ -225,6 +225,11 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED + + /* Go get the data */ + if(attr->shared->data_size) { ++ /* Ensure that data size doesn't exceed buffer size, in case of ++ it's being corrupted in the file */ ++ if(attr->shared->data_size > p_size) ++ HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds buffer size") ++ + if(NULL == (attr->shared->data = H5FL_BLK_MALLOC(attr_buf, attr->shared->data_size))) + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + HDmemcpy(attr->shared->data, p, attr->shared->data_size); +-- +2.23.0 + diff --git a/CVE-2018-17438.patch b/CVE-2018-17438.patch new file mode 100644 index 0000000000000000000000000000000000000000..ba973fd5585d269d809c285fcad2f4b74da0b154 --- /dev/null +++ b/CVE-2018-17438.patch @@ -0,0 +1,70 @@ +From 7add52ff4f2443357648d53d52add274d1b18b5f Mon Sep 17 00:00:00 2001 +From: Binh-Minh Ribler +Date: Wed, 20 Mar 2019 14:03:48 -0500 +Subject: [PATCH] Fixed HDFFV-10210 and HDFFV-10587 Description: - Added + parameter validation (HDFFV-10210) - Added detection of division by zero + (HDFFV-10587 - CVE-2018-17438) - Fixed typos in various tests Platforms + tested: Linux/64 (jelly) Linux/64 (platypus) Darwin (osx1011test) + +--- + src/H5Dselect.c | 2 ++ + src/H5I.c | 3 +++ + test/tid.c | 15 +++++++++++++++ + 3 files changed, 20 insertions(+) + +diff --git a/src/H5Dselect.c b/src/H5Dselect.c +index 7e86b9d..84cd849 100644 +--- a/src/H5Dselect.c ++++ b/src/H5Dselect.c +@@ -220,6 +220,8 @@ H5D__select_io(const H5D_io_info_t *io_info, size_t elmt_size, + + /* Decrement number of elements left to process */ + HDassert(((size_t)tmp_file_len % elmt_size) == 0); ++ if(elmt_size == 0) ++ HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "Resulted in division by zero") + nelmts -= ((size_t)tmp_file_len / elmt_size); + } /* end while */ + } /* end else */ +diff --git a/src/H5I.c b/src/H5I.c +index 2a4a38c..5cc8e69 100644 +--- a/src/H5I.c ++++ b/src/H5I.c +@@ -406,6 +406,9 @@ H5Itype_exists(H5I_type_t type) + FUNC_ENTER_API(FAIL) + H5TRACE1("t", "It", type); + ++ if(H5I_IS_LIB_TYPE(type)) ++ HGOTO_ERROR(H5E_ATOM, H5E_BADGROUP, FAIL, "cannot call public function on library type") ++ + if(type <= H5I_BADID || type >= H5I_next_type) + HGOTO_ERROR(H5E_ARGS, H5E_BADRANGE, FAIL, "invalid type number") + +diff --git a/test/tid.c b/test/tid.c +index c98514b..aca32fd 100644 +--- a/test/tid.c ++++ b/test/tid.c +@@ -224,6 +224,21 @@ static int basic_id_test(void) + goto out; + H5E_END_TRY + ++ /* Test that H5Itype_exists cannot be called on library types because ++ * it is a public function ++ */ ++ H5E_BEGIN_TRY ++ err = H5Itype_exists(H5I_GROUP); ++ if(err >= 0) ++ goto out; ++ H5E_END_TRY ++ ++ H5E_BEGIN_TRY ++ err = H5Itype_exists(H5I_ATTR); ++ if(err >= 0) ++ goto out; ++ H5E_END_TRY ++ + return 0; + + out: +-- +2.23.0 + diff --git a/CVE-2019-8396.patch b/CVE-2019-8396.patch deleted file mode 100644 index 8cba0d6cf07ac2d9372ba3e556a98f610351529f..0000000000000000000000000000000000000000 --- a/CVE-2019-8396.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 8e5d36c7465699671b89023f752a378f5ee8b7cb Mon Sep 17 00:00:00 2001 -From: starlet-dx <15929766099@163.com> -Date: Tue, 28 Mar 2023 17:31:29 +0800 -Subject: [PATCH 1/1] H5O__pline_decode() Make more resilient to out-of-bounds read (#2210) - -Malformed hdf5 files may have trunkated content which does not match the expected size. When this function attempts to decode these it may read past the end of the allocated space leading to heap overflows as bounds checking is incomplete. -Make sure each element is within bounds before reading. - -This fixes CVE-2019-8396 / HDFFV-10712 / github bug #2209. - -Signed-off-by: Egbert Eich - -Signed-off-by: Egbert Eich ---- - src/H5Opline.c | 17 +++++++++++++++-- - src/H5private.h | 3 +++ - 2 files changed, 18 insertions(+), 2 deletions(-) - -diff --git a/src/H5Opline.c b/src/H5Opline.c -index 4b76da9..eacf81a 100644 ---- a/src/H5Opline.c -+++ b/src/H5Opline.c -@@ -110,6 +110,7 @@ H5FL_DEFINE(H5O_pline_t); - * - *------------------------------------------------------------------------- - */ -+ - static void * - H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, - unsigned H5_ATTR_UNUSED *ioflags, size_t p_size, const uint8_t *p) -@@ -131,6 +132,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") - - /* Version */ -+ if (p + 4 - 1 > p_end) /* 4 byte is minimum for all versions */ -+ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, "ran off the end of the buffer: current p = %p, p_end = %p", -+ p + 4, p_end) - pline->version = *p++; - if (pline->version < H5O_PLINE_VERSION_1 || pline->version > H5O_PLINE_VERSION_LATEST) - HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message") -@@ -159,6 +163,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign - /* Decode filters */ - for (i = 0, filter = &pline->filter[0]; i < pline->nused; i++, filter++) { - /* Filter ID */ -+ if (p + 6 - 1 > p_end) /* 6 bytes minimum */ -+ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, -+ "ran off the end of the buffer: current p = %p, p_end = %p", p + 6, p_end) - UINT16DECODE(p, filter->id); - - /* Length of filter name */ -@@ -168,6 +175,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign - UINT16DECODE(p, name_length); - if (pline->version == H5O_PLINE_VERSION_1 && name_length % 8) - HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "filter name length is not a multiple of eight") -+ if (p + 4 - 1 > p_end) /* with name_length 4 bytes to go */ -+ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, -+ "ran off the end of the buffer: current p = %p, p_end = %p", p + 4, p_end) - } /* end if */ - - /* Filter flags */ -@@ -179,9 +189,12 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign - /* Filter name, if there is one */ - if (name_length) { - size_t actual_name_length; /* Actual length of name */ -- -+ size_t len = (size_t)(p_end - p + 1); - /* Determine actual name length (without padding, but with null terminator) */ -- actual_name_length = HDstrlen((const char *)p) + 1; -+ actual_name_length = HDstrnlen((const char *)p, len); -+ if (actual_name_length == len) -+ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, "filter name not null terminated") -+ actual_name_length += 1; /* include \0 byte */ - HDassert(actual_name_length <= name_length); - - /* Allocate space for the filter name, or use the internal buffer */ -diff --git a/src/H5private.h b/src/H5private.h -index 56ded14..58ccfef 100644 ---- a/src/H5private.h -+++ b/src/H5private.h -@@ -1444,6 +1444,9 @@ H5_DLL void HDsrand(unsigned int seed); - #ifndef HDstrlen - #define HDstrlen(S) strlen(S) - #endif /* HDstrlen */ -+#ifndef HDstrnlen -+#define HDstrnlen(S, L) strnlen(S, L) -+#endif - #ifndef HDstrncat - #define HDstrncat(X, Y, Z) strncat(X, Y, Z) - #endif /* HDstrncat */ --- -2.30.0 - diff --git a/CVE-2020-10812.patch b/CVE-2020-10812.patch deleted file mode 100644 index f3ad1fe94c79c8b51ceb81e10dab5603890d66c2..0000000000000000000000000000000000000000 --- a/CVE-2020-10812.patch +++ /dev/null @@ -1,43 +0,0 @@ -From: Egbert Eich -Date: Wed Oct 5 09:44:02 2022 +0200 -Subject: Hot fix for CVE-2020-10812 -Patch-mainline: Not yet -Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5 -Git-commit: 2465fc41d208d57eb0d7d025286a81664148fbaf -References: - -CVE-2020-10812 unveils a more fundamental design flaw in H5F__dest(): -this function returns FAIL if one of multiple operations fail (in this -case H5AC_prep_for_file_close()) while it still proceeds to prepare the -close operation, free the 'shared' member in struct H5F_t and ulimately -deallocate the structure itself. -When H5F__dest() signals back FAIL to the caller, the caller itself -(H5F_try_close() in this case) will fail. This failure is signalled -up the stack, thus the file will not be considered closed and another -attempt will be made to close it - latest in the exit handler. -The next attempt to close will however need the already deallocated -H5F_t structure and the H5T_shared_t structure in its 'shared' member, -however. -This fix papers over the failure of H5AC_prep_for_file_close() by not -changing the return status of H5F__dest() to fail. There are numerous -other opportunities where this will happen. -This may call for a more fundamental solution. - -Signed-off-by: Egbert Eich -Signed-off-by: Egbert Eich ---- - src/H5Fint.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/src/H5Fint.c b/src/H5Fint.c -index 9b5613972f..01faf33495 100644 ---- a/src/H5Fint.c -+++ b/src/H5Fint.c -@@ -1413,7 +1413,7 @@ H5F__dest(H5F_t *f, hbool_t flush) - */ - if (H5AC_prep_for_file_close(f) < 0) - /* Push error, but keep going */ -- HDONE_ERROR(H5E_FILE, H5E_CANTFLUSH, FAIL, "metadata cache prep for close failed") -+ HDONE_ERROR(H5E_FILE, H5E_CANTFLUSH, ret_value, "metadata cache prep for close failed") - - /* Flush at this point since the file will be closed (phase 2). - * Only try to flush the file if it was opened with write access, and if diff --git a/CVE-2021-37501.patch b/CVE-2021-37501.patch deleted file mode 100644 index 11ac938a14b46bc765d8d9c1701cabee861eccf6..0000000000000000000000000000000000000000 --- a/CVE-2021-37501.patch +++ /dev/null @@ -1,66 +0,0 @@ -From: Egbert Eich -Date: Sat Feb 11 13:54:17 2023 +0100 -Subject: Check for overflow when calculating on-disk attribute data size (#2459) -Patch-mainline: Not yet -Git-repo: https://github.com/HDFGroup/hdf5 -Git-commit: 0d026daa13a81be72495872f651c036fdc84ae5e -References: - -A bogus hdf5 file may contain dataspace messages with sizes -which lead to the on-disk data sizes to exceed what is addressable. -When calculating the size, make sure, the multiplication does not -overflow. -The test case was crafted in a way that the overflow caused the -size to be 0. - -This fixes CVE-2021-37501 / Bug #2458. - -Signed-off-by: Egbert Eich -Signed-off-by: Egbert Eich ---- - src/H5Oattr.c | 3 +++ - src/H5private.h | 18 ++++++++++++++++++ - 2 files changed, 21 insertions(+) -diff --git a/src/H5Oattr.c b/src/H5Oattr.c -index 4dee7aa187..3ef0b99aa4 100644 ---- a/src/H5Oattr.c -+++ b/src/H5Oattr.c -@@ -235,6 +235,9 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, un - - /* Compute the size of the data */ - H5_CHECKED_ASSIGN(attr->shared->data_size, size_t, ds_size * (hsize_t)dt_size, hsize_t); -+ H5_CHECK_MUL_OVERFLOW(attr->shared->data_size, ds_size, dt_size, -+ HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, -+ "data size exceeds addressable range")) - - /* Go get the data */ - if (attr->shared->data_size) { -diff --git a/src/H5private.h b/src/H5private.h -index 931d7b9046..a115aee1a4 100644 ---- a/src/H5private.h -+++ b/src/H5private.h -@@ -1605,6 +1605,24 @@ H5_DLL int HDvasprintf(char **bufp, const char *fmt, va_list _ap); - #define H5_CHECK_OVERFLOW(var, vartype, casttype) - #endif /* NDEBUG */ - -+/* -+ * A macro for checking whether a multiplication has overflown -+ * r is assumed to be the result of a prior multiplication of a and b -+ */ -+#define H5_CHECK_MUL_OVERFLOW(r, a, b, err) \ -+ { \ -+ bool mul_overflow = false; \ -+ if (r != 0) { \ -+ if (r / a != b) \ -+ mul_overflow = true; \ -+ } else { \ -+ if (a != 0 && b != 0) \ -+ mul_overflow = true; \ -+ } \ -+ if (mul_overflow) \ -+ err \ -+ } -+ - /* - * A macro for detecting over/under-flow when assigning between types - */ diff --git a/fix-compile-error.patch b/fix-compile-error.patch new file mode 100644 index 0000000000000000000000000000000000000000..247d0538f5df86148f91e03020b0777a227e64fc --- /dev/null +++ b/fix-compile-error.patch @@ -0,0 +1,100 @@ +From aa52644d1f9e5a1103e4f670b56074c4e46a04f2 Mon Sep 17 00:00:00 2001 +From: lrknox +Date: Fri, 11 May 2018 11:02:43 -0500 +Subject: [PATCH] Address compile errors and merge conflicts. + +--- + src/H5Abtree2.c | 2 +- + src/H5HFcache.c | 2 +- + src/H5Ocache.c | 4 ++-- + src/H5T.c | 8 +++----- + 4 files changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/H5Abtree2.c b/src/H5Abtree2.c +index 02fffce21c..318c60d750 100644 +--- a/src/H5Abtree2.c ++++ b/src/H5Abtree2.c +@@ -162,7 +162,7 @@ const H5B2_class_t H5A_BT2_CORDER[1]={{ /* B-tree class information */ + *------------------------------------------------------------------------- + */ + static herr_t +-H5A__dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) ++H5A_dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) + { + H5A_fh_ud_cmp_t *udata = (H5A_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */ + H5A_t *attr = NULL; /* Pointer to attribute created from heap object */ +diff --git a/src/H5HFcache.c b/src/H5HFcache.c +index 319a865438..0d25dbf603 100644 +--- a/src/H5HFcache.c ++++ b/src/H5HFcache.c +@@ -384,7 +384,7 @@ H5HF_cache_hdr_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *_udata) + UINT32DECODE(p, hdr->pline_root_direct_filter_mask); + + /* Decode I/O filter information */ +- if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, len, image))) ++ if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, hdr->filter_len, p))) + HGOTO_ERROR(H5E_HEAP, H5E_CANTDECODE, NULL, "can't decode I/O pipeline filters") + p += hdr->filter_len; + +diff --git a/src/H5Ocache.c b/src/H5Ocache.c +index ebae3f55bf..39f3ca330f 100644 +--- a/src/H5Ocache.c ++++ b/src/H5Ocache.c +@@ -1288,7 +1288,7 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image, + unsigned ioflags = 0; /* Flags for decode routine */ + + /* Decode continuation message */ +- cont = (H5O_cont_t *)(H5O_MSG_CONT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw); ++ cont = (H5O_cont_t *)(H5O_MSG_CONT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw_size, oh->mesg[curmesg].raw); + cont->chunkno = udata->cont_msg_info->nmsgs + 1; /*the next continuation message/chunk */ + + /* Save 'native' form of continuation message */ +@@ -1312,7 +1312,7 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image, + + /* Decode ref. count message */ + HDassert(oh->version > H5O_VERSION_1); +- refcount = (H5O_refcount_t *)(H5O_MSG_REFCOUNT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw); ++ refcount = (H5O_refcount_t *)(H5O_MSG_REFCOUNT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw_size, oh->mesg[curmesg].raw); + + /* Save 'native' form of ref. count message */ + oh->mesg[curmesg].native = refcount; +diff --git a/src/H5T.c b/src/H5T.c +index 9eeb7db193..36b4c63001 100644 +--- a/src/H5T.c ++++ b/src/H5T.c +@@ -298,8 +298,6 @@ static herr_t H5T_unregister(H5T_pers_t pers, const char *name, H5T_t *src, + static herr_t H5T_register(H5T_pers_t pers, const char *name, H5T_t *src, + H5T_t *dst, H5T_conv_t func, hid_t dxpl_id, hbool_t api_call); + static htri_t H5T_compiler_conv(H5T_t *src, H5T_t *dst); +-static herr_t H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc); +-static H5T_t *H5T_decode(const unsigned char *buf); + static herr_t H5T_set_size(H5T_t *dt, size_t size); + + +@@ -2839,7 +2837,7 @@ H5Tdecode(const void *buf) + * + *------------------------------------------------------------------------- + */ +-static herr_t ++herr_t + H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc) + { + size_t buf_size; /* Encoded size of datatype */ +@@ -2895,7 +2893,7 @@ H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc) + * + *------------------------------------------------------------------------- + */ +-static H5T_t * ++H5T_t * + H5T_decode(size_t buf_size, const unsigned char *buf) + { + H5F_t *f = NULL; /* Fake file structure*/ +@@ -2916,7 +2914,7 @@ H5T_decode(size_t buf_size, const unsigned char *buf) + HGOTO_ERROR(H5E_DATATYPE, H5E_VERSION, NULL, "unknown version of encoded datatype") + + /* Decode the serialized datatype message */ +- if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_noio_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf))) ++ if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_ind_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf))) + HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, NULL, "can't decode object") + + /* Mark datatype as being in memory now */ diff --git a/hdf5-1.12.1.tar.bz2 b/hdf5-1.8.20.tar.bz2 similarity index 54% rename from hdf5-1.12.1.tar.bz2 rename to hdf5-1.8.20.tar.bz2 index 2c3ea6d95ea967ba90b8ee2a9979b67b8bcdf1e9..2ea1dddbb04da8b74f79ebe776745f994748d4bb 100644 Binary files a/hdf5-1.12.1.tar.bz2 and b/hdf5-1.8.20.tar.bz2 differ diff --git a/hdf5-LD_LIBRARY_PATH.patch b/hdf5-LD_LIBRARY_PATH.patch index f1852e7cb17a6f2a885f31faa21aea31fb8d8fb5..7d01278c8257a057aa10db80505c5a23351c1627 100644 --- a/hdf5-LD_LIBRARY_PATH.patch +++ b/hdf5-LD_LIBRARY_PATH.patch @@ -1,20 +1,21 @@ ---- hdf5-1.12.0/src/Makefile.am~ 2020-02-29 00:29:58.000000000 +0100 -+++ hdf5-1.12.0/src/Makefile.am 2021-02-26 16:10:03.612252484 +0100 -@@ -156,8 +156,6 @@ +diff -up hdf5-1.8.13/src/Makefile.am.LD_LIBRARY_PATH hdf5-1.8.13/src/Makefile.am +--- hdf5-1.8.13/src/Makefile.am.LD_LIBRARY_PATH 2014-05-05 20:13:01.000000000 -0600 ++++ hdf5-1.8.13/src/Makefile.am 2014-05-15 09:53:59.569476295 -0600 +@@ -128,8 +128,6 @@ settings_DATA=libhdf5.settings # Remove the generated .c file if errors occur unless HDF5_Make_Ignore # is set to ignore the error. H5Tinit.c: H5detect$(EXEEXT) - LD_LIBRARY_PATH="$$LD_LIBRARY_PATH`echo $(LDFLAGS) | \ - sed -e 's/-L/:/g' -e 's/ //g'`" \ - $(RUNSERIAL) ./H5detect$(EXEEXT) $@ || \ + $(RUNSERIAL) ./H5detect$(EXEEXT) > $@ || \ (test $$HDF5_Make_Ignore && echo "*** Error ignored") || \ ($(RM) $@ ; exit 1) -@@ -168,8 +166,6 @@ +@@ -140,8 +138,6 @@ H5Tinit.c: H5detect$(EXEEXT) # Remove the generated .c file if errors occur unless HDF5_Make_Ignore # is set to ignore the error. H5lib_settings.c: H5make_libsettings$(EXEEXT) libhdf5.settings - LD_LIBRARY_PATH="$$LD_LIBRARY_PATH`echo $(LDFLAGS) | \ - sed -e 's/-L/:/g' -e 's/ //g'`" \ - $(RUNSERIAL) ./H5make_libsettings$(EXEEXT) $@ || \ + $(RUNSERIAL) ./H5make_libsettings$(EXEEXT) > $@ || \ (test $$HDF5_Make_Ignore && echo "*** Error ignored") || \ ($(RM) $@ ; exit 1) diff --git a/hdf5-build.patch b/hdf5-build.patch deleted file mode 100644 index cc08c02cd00b9d722d4af47ac08f459654d49fc0..0000000000000000000000000000000000000000 --- a/hdf5-build.patch +++ /dev/null @@ -1,145 +0,0 @@ -diff --git a/java/examples/datasets/JavaDatasetExample.sh.in b/java/examples/datasets/JavaDatasetExample.sh.in -index f29739a..fc9cddb 100644 ---- a/java/examples/datasets/JavaDatasetExample.sh.in -+++ b/java/examples/datasets/JavaDatasetExample.sh.in -@@ -39,7 +39,7 @@ HDFLIB_HOME="$top_srcdir/java/lib" - BLDDIR="." - BLDLIBDIR="$BLDDIR/testlibs" - HDFTEST_HOME="$top_srcdir/java/examples/datasets" --JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar -+JARFILE=@PACKAGE_TARNAME@.jar - TESTJARFILE=jar@PACKAGE_TARNAME@datasets.jar - test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR - -diff --git a/java/examples/datasets/Makefile.am b/java/examples/datasets/Makefile.am -index 41a914b..195201a 100644 ---- a/java/examples/datasets/Makefile.am -+++ b/java/examples/datasets/Makefile.am -@@ -26,7 +26,7 @@ classes: - test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT) - - pkgpath = examples/datasets --hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar -+hdfjarfile = $(PACKAGE_TARNAME).jar - CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH - - jarfile = jar$(PACKAGE_TARNAME)datasets.jar -diff --git a/java/examples/datatypes/JavaDatatypeExample.sh.in b/java/examples/datatypes/JavaDatatypeExample.sh.in -index e26d8c0..f6a9d87 100644 ---- a/java/examples/datatypes/JavaDatatypeExample.sh.in -+++ b/java/examples/datatypes/JavaDatatypeExample.sh.in -@@ -36,7 +36,7 @@ HDFLIB_HOME="$top_srcdir/java/lib" - BLDDIR="." - BLDLIBDIR="$BLDDIR/testlibs" - HDFTEST_HOME="$top_srcdir/java/examples/datatypes" --JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar -+JARFILE=@PACKAGE_TARNAME@.jar - TESTJARFILE=jar@PACKAGE_TARNAME@datatypes.jar - test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR - -diff --git a/java/examples/datatypes/Makefile.am b/java/examples/datatypes/Makefile.am -index 90790f7..450edef 100644 ---- a/java/examples/datatypes/Makefile.am -+++ b/java/examples/datatypes/Makefile.am -@@ -26,7 +26,7 @@ classes: - test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT) - - pkgpath = examples/datatypes --hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar -+hdfjarfile = $(PACKAGE_TARNAME).jar - CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH - - jarfile = jar$(PACKAGE_TARNAME)datatypes.jar -diff --git a/java/examples/groups/JavaGroupExample.sh.in b/java/examples/groups/JavaGroupExample.sh.in -index 3b0e9d1..416c69f 100644 ---- a/java/examples/groups/JavaGroupExample.sh.in -+++ b/java/examples/groups/JavaGroupExample.sh.in -@@ -37,7 +37,7 @@ BLDDIR="." - BLDLIBDIR="$BLDDIR/testlibs" - BLDITERDIR="./groups" - HDFTEST_HOME="$top_srcdir/java/examples/groups" --JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar -+JARFILE=@PACKAGE_TARNAME@.jar - TESTJARFILE=jar@PACKAGE_TARNAME@groups.jar - test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR - test -d $BLDITERDIR || mkdir -p $BLDITERDIR -diff --git a/java/examples/groups/Makefile.am b/java/examples/groups/Makefile.am -index bfde9ae..f48a5b9 100644 ---- a/java/examples/groups/Makefile.am -+++ b/java/examples/groups/Makefile.am -@@ -26,7 +26,7 @@ classes: - test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT) - - pkgpath = examples/groups --hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar -+hdfjarfile = $(PACKAGE_TARNAME).jar - CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH - - jarfile = jar$(PACKAGE_TARNAME)groups.jar -diff --git a/java/examples/intro/JavaIntroExample.sh.in b/java/examples/intro/JavaIntroExample.sh.in -index db741e5..d0ba65d 100644 ---- a/java/examples/intro/JavaIntroExample.sh.in -+++ b/java/examples/intro/JavaIntroExample.sh.in -@@ -36,7 +36,7 @@ HDFLIB_HOME="$top_srcdir/java/lib" - BLDDIR="." - BLDLIBDIR="$BLDDIR/testlibs" - HDFTEST_HOME="$top_srcdir/java/examples/intro" --JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar -+JARFILE=@PACKAGE_TARNAME@.jar - TESTJARFILE=jar@PACKAGE_TARNAME@intro.jar - test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR - -diff --git a/java/examples/intro/Makefile.am b/java/examples/intro/Makefile.am -index 7d1aeab..01a10c9 100644 ---- a/java/examples/intro/Makefile.am -+++ b/java/examples/intro/Makefile.am -@@ -26,7 +26,7 @@ classes: - test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT) - - pkgpath = examples/intro --hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar -+hdfjarfile = $(PACKAGE_TARNAME).jar - CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH - - jarfile = jar$(PACKAGE_TARNAME)intro.jar -diff --git a/java/src/Makefile.am b/java/src/Makefile.am -index 98630e6..fd8d057 100644 ---- a/java/src/Makefile.am -+++ b/java/src/Makefile.am -@@ -32,8 +32,8 @@ JAVAROOT = .classes - classes: - test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT) - --jarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar --hdf5_javadir = $(libdir) -+jarfile = $(PACKAGE_TARNAME).jar -+hdf5_javadir = $(prefix)/lib/java - - pkgpath = hdf/hdf5lib - CLASSPATH_ENV=CLASSPATH=.:$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$$CLASSPATH -diff --git a/java/test/Makefile.am b/java/test/Makefile.am -index 08e79e3..b336c2f 100644 ---- a/java/test/Makefile.am -+++ b/java/test/Makefile.am -@@ -26,7 +26,7 @@ classes: - test -d $(@D)/$(JAVAROOT) || $(MKDIR_P) $(@D)/$(JAVAROOT) - - pkgpath = test --hdfjarfile = jar$(PACKAGE_TARNAME)-$(PACKAGE_VERSION).jar -+hdfjarfile = $(PACKAGE_TARNAME).jar - CLASSPATH_ENV=CLASSPATH=.:$(JAVAROOT):$(top_builddir)/java/src/$(hdfjarfile):$(top_srcdir)/java/lib/junit.jar:$(top_srcdir)/java/lib/hamcrest-core.jar:$(top_srcdir)/java/lib/slf4j-api-1.7.25.jar:$(top_srcdir)/java/lib/ext/slf4j-simple-1.7.25.jar:$$CLASSPATH - - jarfile = jar$(PACKAGE_TARNAME)test.jar -diff --git a/java/test/junit.sh.in b/java/test/junit.sh.in -index 39db296..83d6c7c 100644 ---- a/java/test/junit.sh.in -+++ b/java/test/junit.sh.in -@@ -47,7 +47,7 @@ BLDLIBDIR="$BLDDIR/testlibs" - HDFTEST_HOME="$top_srcdir/java/test" - TOOLS_TESTFILES="$top_srcdir/tools/testfiles" - --JARFILE=jar@PACKAGE_TARNAME@-@PACKAGE_VERSION@.jar -+JARFILE=@PACKAGE_TARNAME@.jar - TESTJARFILE=jar@PACKAGE_TARNAME@test.jar - test -d $BLDLIBDIR || mkdir -p $BLDLIBDIR - diff --git a/hdf5-gfortran12.patch b/hdf5-gfortran12.patch deleted file mode 100644 index 97fc27610814fcc41d8e9f3470e04128dd7d7f71..0000000000000000000000000000000000000000 --- a/hdf5-gfortran12.patch +++ /dev/null @@ -1,37 +0,0 @@ -commit 3ea6f8c17228d2629e419563138a6180bc4a5a6a -Author: Orion Poplawski -Date: Sun Jan 30 15:21:08 2022 -0700 - - Mark minusone as a PARAMETER in tH5A_1_8.F90. - -diff --git a/fortran/test/tH5A_1_8.F90 b/fortran/test/tH5A_1_8.F90 -index 4e02c58a39..c2f8e9984a 100644 ---- a/fortran/test/tH5A_1_8.F90 -+++ b/fortran/test/tH5A_1_8.F90 -@@ -776,7 +776,7 @@ SUBROUTINE test_attr_info_by_idx(new_format, fcpl, fapl, total_error) - - INTEGER :: Input1 - INTEGER(HSIZE_T) :: hzero = 0_HSIZE_T -- INTEGER :: minusone = -1 -+ INTEGER, PARAMETER :: minusone = -1 - INTEGER(HSIZE_T) :: htmp - - data_dims = 0 -@@ -1427,7 +1427,7 @@ SUBROUTINE test_attr_delete_by_idx(new_format, fcpl, fapl, total_error) - INTEGER :: u ! Local index variable - INTEGER :: Input1 - INTEGER(HSIZE_T) :: hzero = 0_HSIZE_T -- INTEGER :: minusone = -1 -+ INTEGER, PARAMETER :: minusone = -1 - - data_dims = 0 - -@@ -2268,7 +2268,7 @@ SUBROUTINE test_attr_corder_create_basic( fcpl, fapl, total_error ) - INTEGER :: error - - INTEGER :: crt_order_flags -- INTEGER :: minusone = -1 -+ INTEGER, PARAMETER :: minusone = -1 - - ! Output message about test being performed - ! WRITE(*,*) " - Testing Basic Code for Attributes with Creation Order Info" diff --git a/hdf5-ldouble-ppc64le.patch b/hdf5-ldouble-ppc64le.patch new file mode 100644 index 0000000000000000000000000000000000000000..dc97f6c7e246efea22590da406d1fa24a6aa7748 --- /dev/null +++ b/hdf5-ldouble-ppc64le.patch @@ -0,0 +1,75 @@ +diff -up hdf5-1.8.16/configure.ac.ldouble-ppc64le hdf5-1.8.16/configure.ac +--- hdf5-1.8.16/configure.ac.ldouble-ppc64le 2015-11-13 09:29:08.749125801 -0700 ++++ hdf5-1.8.16/configure.ac 2015-11-13 09:47:02.705174991 -0700 +@@ -2278,6 +2278,13 @@ else + unsigned char s2[8]; + int ret = 1; + ++#if defined __powerpc64__ && defined _LITTLE_ENDIAN ++ /* Don't bother checking on ppc64le, we know it'll work, and ++ * that what hdf5 calls 'special algorithm' simply is ++ * IBM ldouble 128 (i.e. two seperately scaled doubles). ++ * The check below assumes big endian. */ ++ ret = 0; ++#endif + if(sizeof(long double) == 16 && sizeof(long) == 8) { + /*make sure the long double type has 16 bytes in size and + * 11 bits of exponent. If it is, +@@ -2355,6 +2362,13 @@ else + unsigned char s[16]; + int flag=0, ret=1; + ++#if defined __powerpc64__ && defined _LITTLE_ENDIAN ++ /* Don't bother checking on ppc64le, we know it'll work, and ++ * that what hdf5 calls 'special algorithm' simply is ++ * IBM ldouble 128 (i.e. two seperately scaled doubles). ++ * The check below assumes big endian. */ ++ ret = 0; ++#endif + /*Determine if long double has 16 byte in size, 11 bit exponent, and + *the bias is 0x3ff */ + if(sizeof(long double) == 16) { +diff -up hdf5-1.8.16/configure.ldouble-ppc64le hdf5-1.8.16/configure +diff -up hdf5-1.8.16/test/dt_arith.c.ldouble-ppc64le hdf5-1.8.16/test/dt_arith.c +--- hdf5-1.8.16/test/dt_arith.c.ldouble-ppc64le 2015-10-23 23:13:43.000000000 -0600 ++++ hdf5-1.8.16/test/dt_arith.c 2015-11-13 09:29:08.765125707 -0700 +@@ -3010,7 +3010,18 @@ test_conv_flt_1 (const char *name, int r + buf, saved, nelmts); + #if H5_SIZEOF_LONG_DOUBLE!=H5_SIZEOF_DOUBLE && H5_SIZEOF_LONG_DOUBLE!=0 + } else if(src_type == FLT_LDOUBLE) { +- INIT_FP_SPECIAL(src_size, src_nbits, sendian, LDBL_MANT_DIG, dst_size, ++ size_t mant_dig = LDBL_MANT_DIG; ++ if (mant_dig >= src_nbits) { ++ /* This happens for IBM long double in little endian. ++ The macro LDBL_MANT_DIG says 106 mantissa bits, but the ++ HDF5 detection code actually represents it as a normal 64bit ++ double (52 bit mantissa) with the upper double being ++ unspec bits (which is sort of okay as the testsuite ++ wouldn't deal with that format correctly anyway). So ++ override the mantissa size. */ ++ mant_dig = 52; ++ } ++ INIT_FP_SPECIAL(src_size, src_nbits, sendian, mant_dig, dst_size, + buf, saved, nelmts); + #endif + } else +@@ -3663,7 +3674,18 @@ test_conv_int_fp(const char *name, int r + INIT_FP_DENORM(long double, LDBL_MANT_DIG, src_size, src_nbits, sendian, dst_size, + buf, saved, nelmts); + } else { +- INIT_FP_SPECIAL(src_size, src_nbits, sendian, LDBL_MANT_DIG, dst_size, buf, saved, nelmts); ++ size_t mant_dig = LDBL_MANT_DIG; ++ if (mant_dig >= src_nbits) { ++ /* This happens for IBM long double in little endian. ++ The macro LDBL_MANT_DIG says 106 mantissa bits, but the ++ HDF5 detection code actually represents it as a normal 64bit ++ double (52 bit mantissa) with the upper double being ++ unspec bits (which is sort of okay as the testsuite ++ wouldn't deal with that format correctly anyway). So ++ override the mantissa size. */ ++ mant_dig = 52; ++ } ++ INIT_FP_SPECIAL(src_size, src_nbits, sendian, mant_dig, dst_size, buf, saved, nelmts); + } + #endif + } else diff --git a/hdf5-mpi.patch b/hdf5-mpi.patch new file mode 100644 index 0000000000000000000000000000000000000000..e2e9386cdbd7bc918404a6fbc40e7d56f5480119 --- /dev/null +++ b/hdf5-mpi.patch @@ -0,0 +1,29 @@ +diff -up hdf5-1.8.16/testpar/t_pflush1.c.mpi hdf5-1.8.16/testpar/t_pflush1.c +--- hdf5-1.8.16/testpar/t_pflush1.c.mpi 2015-10-23 23:13:44.000000000 -0600 ++++ hdf5-1.8.16/testpar/t_pflush1.c 2016-03-20 21:46:42.089409776 -0600 +@@ -171,6 +171,7 @@ main(int argc, char* argv[]) + * because MPI_File_close wants to modify the file-handle variable. + */ + ++#if 0 + /* close file1 */ + if(H5Fget_vfd_handle(file1, fapl, (void **)&mpifh_p) < 0) { + printf("H5Fget_vfd_handle for file1 failed\n"); +@@ -189,14 +190,17 @@ main(int argc, char* argv[]) + printf("MPI_File_close for file2 failed\n"); + goto error; + } /* end if */ ++#endif + + fflush(stdout); + fflush(stderr); ++ MPI_Finalize(); + HD_exit(0); + + error: + fflush(stdout); + fflush(stderr); ++ MPI_Finalize(); + HD_exit(1); + } + diff --git a/hdf5-wrappers.patch b/hdf5-wrappers.patch deleted file mode 100644 index ff721bb34a62801c74686d14d406f37930570245..0000000000000000000000000000000000000000 --- a/hdf5-wrappers.patch +++ /dev/null @@ -1,109 +0,0 @@ -diff -up hdf5-1.10.7/bin/h5cc.in.wrappers hdf5-1.10.7/bin/h5cc.in ---- hdf5-1.10.7/bin/h5cc.in.wrappers 2020-10-07 20:24:29.127283333 -0600 -+++ hdf5-1.10.7/bin/h5cc.in 2020-10-07 20:27:05.289536904 -0600 -@@ -89,10 +89,10 @@ CLINKERBASE="@CC@" - # paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in - # from the hdf5 build. The order of the flags is intended to give precedence - # to the user's flags. --H5BLD_CFLAGS="@AM_CFLAGS@ @CFLAGS@" -+H5BLD_CFLAGS= - H5BLD_CPPFLAGS="@AM_CPPFLAGS@ @CPPFLAGS@" --H5BLD_LDFLAGS="@AM_LDFLAGS@ @LDFLAGS@" --H5BLD_LIBS="@LIBS@" -+H5BLD_LDFLAGS= -+H5BLD_LIBS= - - CC="${HDF5_CC:-$CCBASE}" - CLINKER="${HDF5_CLINKER:-$CLINKERBASE}" -@@ -105,7 +105,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}" - # available library is shared, it will be used by default. The user can - # override either default, although choosing an unavailable library will result - # in link errors. --STATIC_AVAILABLE="@enable_static@" -+# Fedora prefers shared libraries -+STATIC_AVAILABLE=no - if test "${STATIC_AVAILABLE}" = "yes"; then - USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}" - else -@@ -385,7 +386,7 @@ if test "x$do_link" = "xyes"; then - # paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in - # from the hdf5 build. The order of the flags is intended to give precedence - # to the user's flags. -- $SHOW $CLINKER $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CFLAGS $CFLAGS $LDFLAGS $clibpath $link_objs $LIBS $link_args $shared_link -+ $SHOW $CLINKER $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CFLAGS $CFLAGS $LDFLAGS $clibpath $link_objs $LIBS $link_args - status=$? - fi - -diff -up hdf5-1.10.7/c++/src/h5c++.in.wrappers hdf5-1.10.7/c++/src/h5c++.in ---- hdf5-1.10.7/c++/src/h5c++.in.wrappers 2020-08-27 21:38:23.000000000 -0600 -+++ hdf5-1.10.7/c++/src/h5c++.in 2020-10-07 20:24:29.126283325 -0600 -@@ -87,10 +87,10 @@ CXXLINKERBASE="@CXX@" - # paths and libraries from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in - # from the hdf5 build. The order of the flags is intended to give precedence - # to the user's flags. --H5BLD_CXXFLAGS="@AM_CXXFLAGS@ @CXXFLAGS@" -+H5BLD_CXXFLAGS= - H5BLD_CPPFLAGS="@AM_CPPFLAGS@ @CPPFLAGS@" --H5BLD_LDFLAGS="@AM_LDFLAGS@ @LDFLAGS@" --H5BLD_LIBS="@LIBS@" -+H5BLD_LDFLAGS= -+H5BLD_LIBS= - - CXX="${HDF5_CXX:-$CXXBASE}" - CXXLINKER="${HDF5_CLINKER:-$CXXLINKERBASE}" -@@ -103,7 +103,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}" - # available library is shared, it will be used by default. The user can - # override either default, although choosing an unavailable library will result - # in link errors. --STATIC_AVAILABLE="@enable_static@" -+# Fedora prefers shared libraries -+STATIC_AVAILABLE=no - if test "${STATIC_AVAILABLE}" = "yes"; then - USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}" - else -@@ -385,7 +386,7 @@ if test "x$do_link" = "xyes"; then - # from the hdf5 build. The order of the flags is intended to give precedence - # to the user's flags. - -- $SHOW $CXXLINKER $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CXXFLAGS $CXXFLAGS $LDFLAGS $clibpath $link_objs $LIBS $link_args $shared_link -+ $SHOW $CXXLINKER $H5BLD_CPPFLAGS $CPPFLAGS $H5BLD_CXXFLAGS $CXXFLAGS $LDFLAGS $clibpath $link_objs $LIBS $link_args - - status=$? - fi -diff -up hdf5-1.10.7/fortran/src/h5fc.in.wrappers hdf5-1.10.7/fortran/src/h5fc.in ---- hdf5-1.10.7/fortran/src/h5fc.in.wrappers 2020-08-27 21:38:23.000000000 -0600 -+++ hdf5-1.10.7/fortran/src/h5fc.in 2020-10-07 20:25:53.793962985 -0600 -@@ -83,11 +83,11 @@ FLINKERBASE="@FC@" - # libraries in $link_args, followed by any external library paths and libraries - # from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in from the hdf5 build. - # The order of the flags is intended to give precedence to the user's flags. --H5BLD_FCFLAGS="@AM_FCFLAGS@ @FCFLAGS@" -+H5BLD_FCFLAGS= - F9XMODFLAG="@F9XMODFLAG@" - F9XSUFFIXFLAG="@F9XSUFFIXFLAG@" --H5BLD_LDFLAGS="@AM_LDFLAGS@ @LDFLAGS@" --H5BLD_LIBS="@LIBS@" -+H5BLD_LDFLAGS= -+H5BLD_LIBS= - - FC="${HDF5_FC:-$FCBASE}" - FLINKER="${HDF5_FLINKER:-$FLINKERBASE}" -@@ -99,7 +99,8 @@ LIBS="${HDF5_LIBS:-$LIBSBASE}" - # available library is shared, it will be used by default. The user can - # override either default, although choosing an unavailable library will result - # in link errors. --STATIC_AVAILABLE="@enable_static@" -+# Fedora prefers shared libraries -+STATIC_AVAILABLE=no - if test "${STATIC_AVAILABLE}" = "yes"; then - USE_SHARED_LIB="${HDF5_USE_SHLIB:-no}" - else -@@ -363,7 +364,7 @@ if test "x$do_link" = "xyes"; then - # libraries in $link_args, followed by any external library paths and libraries - # from AM_LDFLAGS, LDFLAGS, AM_LIBS or LIBS carried in from the hdf5 build. - # The order of the flags is intended to give precedence to the user's flags. -- $SHOW $FLINKER $FCFLAGS $H5BLD_FCFLAGS $F9XSUFFIXFLAG $LDFLAGS $fmodules $link_objs $LIBS $link_args $shared_link -+ $SHOW $FLINKER $FCFLAGS $H5BLD_FCFLAGS $F9XSUFFIXFLAG $LDFLAGS $fmodules $link_objs $LIBS $link_args - status=$? - fi - diff --git a/hdf5.spec b/hdf5.spec index fd903ee7b226a3309bf1ba059c5f8bebf9dec83b..470fcc705d29cea2b2bf6d3cda2c4c3c1b68e342 100644 --- a/hdf5.spec +++ b/hdf5.spec @@ -7,27 +7,29 @@ %global mpi_list %{?mpi_list} openmpi %endif -%global so_version 200 - Name: hdf5 -Version: 1.12.1 -Release: 1 +Version: 1.8.20 +Release: 14 Summary: A data model, library, and file format for storing and managing data -License: GPL-2.0-or-later +License: GPL URL: https://portal.hdfgroup.org/display/HDF5/HDF5 -Source0: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.12/hdf5-1.12.1/src/hdf5-1.12.1.tar.bz2 +Source0: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.8/hdf5-1.8.20/src/hdf5-1.8.20.tar.bz2 Patch0: hdf5-LD_LIBRARY_PATH.patch -Patch1: hdf5-gfortran12.patch -Patch2: hdf5-build.patch -Patch3: hdf5-wrappers.patch -Patch4: CVE-2018-13867.patch -Patch5: CVE-2018-14031.patch -Patch6: CVE-2018-16438.patch -Patch7: CVE-2019-8396.patch -Patch8: CVE-2020-10812.patch -Patch9: CVE-2021-37501.patch +Patch1: hdf5-mpi.patch +Patch2: hdf5-ldouble-ppc64le.patch +Patch3: CVE-2018-17233.patch +Patch4: CVE-2018-17234.patch +Patch5: CVE-2018-17237.patch +Patch6: CVE-2018-17434-CVE-2018-17437.patch +Patch7: CVE-2018-17438.patch +Patch8: CVE-2017-17506.patch +Patch9: fix-compile-error.patch +Patch10: CVE-2018-17432.patch +Patch11: CVE-2018-17435.patch +Patch12: CVE-2018-13869-CVE-2018-13870.patch +Patch13: CVE-2018-13873.patch BuildRequires: gcc, gcc-c++ BuildRequires: krb5-devel, openssl-devel, zlib-devel, gcc-gfortran, time @@ -255,12 +257,10 @@ make %{?_smp_mflags} -C build check %doc release_docs/HISTORY*.txt %{_bindir}/gif2h5 %{_bindir}/h52gif -%{_bindir}/h5clear %{_bindir}/h5copy %{_bindir}/h5debug %{_bindir}/h5diff %{_bindir}/h5dump -%{_bindir}/h5format_convert %{_bindir}/h5import %{_bindir}/h5jam %{_bindir}/h5ls @@ -270,15 +270,9 @@ make %{?_smp_mflags} -C build check %{_bindir}/h5repart %{_bindir}/h5stat %{_bindir}/h5unjam -%{_bindir}/h5watch -%{_bindir}/mirror_server -%{_bindir}/mirror_server_stop -%{_libdir}/libhdf5.so.%{so_version}* -%{_libdir}/libhdf5_cpp.so.%{so_version}* -%{_libdir}/libhdf5_fortran.so.%{so_version}* -%{_libdir}/libhdf5hl_fortran.so.%{so_version}* -%{_libdir}/libhdf5_hl.so.%{so_version}* -%{_libdir}/libhdf5_hl_cpp.so.%{so_version}* +%{_libdir}/*.so.10* +%{_libdir}/libhdf5_cpp.so.15* +%{_libdir}/libhdf5_hl_cpp.so.11* %config(noreplace) /etc/ld.so.conf.d/* %files devel @@ -301,12 +295,10 @@ make %{?_smp_mflags} -C build check %doc release_docs/HISTORY*.txt %{_libdir}/mpich/bin/gif2h5 %{_libdir}/mpich/bin/h52gif -%{_libdir}/mpich/bin/h5clear %{_libdir}/mpich/bin/h5copy %{_libdir}/mpich/bin/h5debug %{_libdir}/mpich/bin/h5diff %{_libdir}/mpich/bin/h5dump -%{_libdir}/mpich/bin/h5format_convert %{_libdir}/mpich/bin/h5import %{_libdir}/mpich/bin/h5jam %{_libdir}/mpich/bin/h5ls @@ -318,11 +310,8 @@ make %{?_smp_mflags} -C build check %{_libdir}/mpich/bin/h5repart %{_libdir}/mpich/bin/h5stat %{_libdir}/mpich/bin/h5unjam -%{_libdir}/mpich/bin/h5watch -%{_libdir}/mpich/bin/mirror_server -%{_libdir}/mpich/bin/mirror_server_stop %{_libdir}/mpich/bin/ph5diff -%{_libdir}/mpich/lib/*.so.%{so_version}* +%{_libdir}/mpich/lib/*.so.10* %files mpich-devel %{_includedir}/mpich-%{_arch} @@ -344,12 +333,10 @@ make %{?_smp_mflags} -C build check %doc release_docs/HISTORY*.txt %{_libdir}/openmpi/bin/gif2h5 %{_libdir}/openmpi/bin/h52gif -%{_libdir}/openmpi/bin/h5clear %{_libdir}/openmpi/bin/h5copy %{_libdir}/openmpi/bin/h5debug %{_libdir}/openmpi/bin/h5diff %{_libdir}/openmpi/bin/h5dump -%{_libdir}/openmpi/bin/h5format_convert %{_libdir}/openmpi/bin/h5import %{_libdir}/openmpi/bin/h5jam %{_libdir}/openmpi/bin/h5ls @@ -361,11 +348,8 @@ make %{?_smp_mflags} -C build check %{_libdir}/openmpi/bin/h5repart %{_libdir}/openmpi/bin/h5stat %{_libdir}/openmpi/bin/h5unjam -%{_libdir}/openmpi/bin/h5watch -%{_libdir}/openmpi/bin/mirror_server -%{_libdir}/openmpi/bin/mirror_server_stop %{_libdir}/openmpi/bin/ph5diff -%{_libdir}/openmpi/lib/*.so.%{so_version}* +%{_libdir}/openmpi/lib/*.so.10* %files openmpi-devel %{_includedir}/openmpi-%{_arch} @@ -381,9 +365,6 @@ make %{?_smp_mflags} -C build check %endif %changelog -* Wed Mar 29 2023 yaoxin - 1.12.1-1 -- Update to 1.12.1 and fix CVE-2018-13867,CVE-2018-14031,CVE-2018-16438,CVE-2019-8396,CVE-2020-10812 and CVE-2021-37501 - * Fri Sep 10 2021 wangyue - 1.8.20-14 - fix rpath error diff --git a/hdf5.yaml b/hdf5.yaml index 6dd23f4b05af4f164ec4a113d13ff20645782573..b14d9aa7de33c2a93bccc5979e3d727d7a91ef59 100644 --- a/hdf5.yaml +++ b/hdf5.yaml @@ -1,5 +1,5 @@ -git_url: https://github.com/HDFGroup/hdf5.git +git_url: https://github.com/live-clones/hdf5.git version_control: github -src_repo: HDFGroup/hdf5 +src_repo: live-clones/hdf5 tag_prefix: "hdf5-" -separator: "_" +seperator: "_"