diff --git a/CVE-2017-17506.patch b/CVE-2017-17506.patch deleted file mode 100644 index 6a824306458bd026a0f2c12e6a565bc97507c508..0000000000000000000000000000000000000000 --- a/CVE-2017-17506.patch +++ /dev/null @@ -1,1869 +0,0 @@ -From b1a6873b1021c967b661727edae9de87d194f744 Mon Sep 17 00:00:00 2001 -From: Dana Robinson -Date: Mon, 26 Feb 2018 18:31:40 -0800 -Subject: [PATCH] CVE-2017-17506 - ---- - src/H5Abtree2.c | 4 +- - src/H5Adense.c | 4 +- - src/H5Gbtree2.c | 4 +- - src/H5Gdense.c | 20 +-- - src/H5HFcache.c | 2 +- - src/H5Oainfo.c | 5 +- - src/H5Oattr.c | 8 +- - src/H5Obogus.c | 5 +- - src/H5Obtreek.c | 5 +- - src/H5Ocache_image.c | 377 +++++++++++++++++++++++++++++++++++++++ - src/H5Ocont.c | 5 +- - src/H5Odrvinfo.c | 5 +- - src/H5Odtype.c | 4 +- - src/H5Oefl.c | 5 +- - src/H5Ofill.c | 10 +- - src/H5Ofsinfo.c | 408 +++++++++++++++++++++++++++++++++++++++++++ - src/H5Oginfo.c | 5 +- - src/H5Olayout.c | 5 +- - src/H5Olinfo.c | 5 +- - src/H5Olink.c | 5 +- - src/H5Omessage.c | 4 +- - src/H5Omtime.c | 10 +- - src/H5Oname.c | 5 +- - src/H5Opkg.h | 4 +- - src/H5Opline.c | 51 +++--- - src/H5Oprivate.h | 2 +- - src/H5Orefcount.c | 5 +- - src/H5Osdspace.c | 5 +- - src/H5Oshared.c | 2 +- - src/H5Oshared.h | 8 +- - src/H5Oshmesg.c | 5 +- - src/H5Ostab.c | 5 +- - src/H5S.c | 2 +- - src/H5SM.c | 16 +- - src/H5T.c | 13 +- - src/H5Tprivate.h | 2 + - 36 files changed, 926 insertions(+), 104 deletions(-) - create mode 100644 src/H5Ocache_image.c - create mode 100644 src/H5Ofsinfo.c - -diff --git a/src/H5Abtree2.c b/src/H5Abtree2.c -index 33a031e6f1..02fffce21c 100644 ---- a/src/H5Abtree2.c -+++ b/src/H5Abtree2.c -@@ -162,7 +162,7 @@ const H5B2_class_t H5A_BT2_CORDER[1]={{ /* B-tree class information */ - *------------------------------------------------------------------------- - */ - static herr_t --H5A_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) -+H5A__dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) - { - H5A_fh_ud_cmp_t *udata = (H5A_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */ - H5A_t *attr = NULL; /* Pointer to attribute created from heap object */ -@@ -172,7 +172,7 @@ H5A_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda - FUNC_ENTER_NOAPI_NOINIT - - /* Decode attribute information */ -- if(NULL == (attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, (const unsigned char *)obj))) -+ if(NULL == (attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, obj_len, (const unsigned char *)obj))) - HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, FAIL, "can't decode attribute") - - /* Compare the string values */ -diff --git a/src/H5Adense.c b/src/H5Adense.c -index 291f422c62..ab159ff5e8 100644 ---- a/src/H5Adense.c -+++ b/src/H5Adense.c -@@ -843,7 +843,7 @@ done: - *------------------------------------------------------------------------- - */ - static herr_t --H5A__dense_copy_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) -+H5A__dense_copy_fh_cb(const void *obj, size_t obj_len, void *_udata) - { - H5A_fh_ud_cp_t *udata = (H5A_fh_ud_cp_t *)_udata; /* User data for fractal heap 'op' callback */ - herr_t ret_value = SUCCEED; /* Return value */ -@@ -857,7 +857,7 @@ H5A__dense_copy_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda - * HDF5 routine, it could attempt to re-protect that direct block for the - * heap, causing the HDF5 routine called to fail) - */ -- if(NULL == (udata->attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, (const unsigned char *)obj))) -+ if(NULL == (udata->attr = (H5A_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_ATTR_ID, obj_len, (const unsigned char *)obj))) - HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, FAIL, "can't decode attribute") - - /* Set the creation order index for the attribute */ -diff --git a/src/H5Gbtree2.c b/src/H5Gbtree2.c -index 888c611d77..d520484890 100644 ---- a/src/H5Gbtree2.c -+++ b/src/H5Gbtree2.c -@@ -159,7 +159,7 @@ const H5B2_class_t H5G_BT2_CORDER[1]={{ /* B-tree class information */ - *------------------------------------------------------------------------- - */ - static herr_t --H5G_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) -+H5G_dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) - { - H5G_fh_ud_cmp_t *udata = (H5G_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */ - H5O_link_t *lnk; /* Pointer to link created from heap object */ -@@ -168,7 +168,7 @@ H5G_dense_fh_name_cmp(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_uda - FUNC_ENTER_NOAPI_NOINIT - - /* Decode link information */ -- if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) -+ if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) - HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") - - /* Compare the string values */ -diff --git a/src/H5Gdense.c b/src/H5Gdense.c -index 9ec895187d..a43939eb97 100644 ---- a/src/H5Gdense.c -+++ b/src/H5Gdense.c -@@ -597,7 +597,7 @@ done: - *------------------------------------------------------------------------- - */ - static herr_t --H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) -+H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) - { - H5G_fh_ud_lbi_t *udata = (H5G_fh_ud_lbi_t *)_udata; /* User data for fractal heap 'op' callback */ - H5O_link_t *tmp_lnk = NULL; /* Temporary pointer to link */ -@@ -606,7 +606,7 @@ H5G_dense_lookup_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, vo - FUNC_ENTER_NOAPI_NOINIT - - /* Decode link information & keep a copy */ -- if(NULL == (tmp_lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) -+ if(NULL == (tmp_lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) - HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") - - /* Copy link information */ -@@ -887,7 +887,7 @@ done: - *------------------------------------------------------------------------- - */ - static herr_t --H5G_dense_iterate_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) -+H5G_dense_iterate_fh_cb(const void *obj, size_t obj_len, void *_udata) - { - H5G_fh_ud_it_t *udata = (H5G_fh_ud_it_t *)_udata; /* User data for fractal heap 'op' callback */ - herr_t ret_value = SUCCEED; /* Return value */ -@@ -901,7 +901,7 @@ H5G_dense_iterate_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_u - * HDF5 routine, it could attempt to re-protect that direct block for the - * heap, causing the HDF5 routine called to fail - QAK) - */ -- if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) -+ if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) - HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") - - done: -@@ -1099,7 +1099,7 @@ done: - *------------------------------------------------------------------------- - */ - static herr_t --H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) -+H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) - { - H5G_fh_ud_gnbi_t *udata = (H5G_fh_ud_gnbi_t *)_udata; /* User data for fractal heap 'op' callback */ - H5O_link_t *lnk; /* Pointer to link created from heap object */ -@@ -1108,7 +1108,7 @@ H5G_dense_get_name_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, - FUNC_ENTER_NOAPI_NOINIT - - /* Decode link information */ -- if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) -+ if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) - HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") - - /* Get the length of the name */ -@@ -1306,7 +1306,7 @@ done: - *------------------------------------------------------------------------- - */ - static herr_t --H5G_dense_remove_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) -+H5G_dense_remove_fh_cb(const void *obj, size_t obj_len, void *_udata) - { - H5G_fh_ud_rm_t *udata = (H5G_fh_ud_rm_t *)_udata; /* User data for fractal heap 'op' callback */ - H5O_link_t *lnk = NULL; /* Pointer to link created from heap object */ -@@ -1316,7 +1316,7 @@ H5G_dense_remove_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_ud - FUNC_ENTER_NOAPI_NOINIT - - /* Decode link information */ -- if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) -+ if(NULL == (lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) - HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, FAIL, "can't decode link") - - /* Check for removing the link from the creation order index */ -@@ -1483,7 +1483,7 @@ done: - *------------------------------------------------------------------------- - */ - static herr_t --H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, void *_udata) -+H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t obj_len, void *_udata) - { - H5G_fh_ud_rmbi_t *udata = (H5G_fh_ud_rmbi_t *)_udata; /* User data for fractal heap 'op' callback */ - herr_t ret_value = SUCCEED; /* Return value */ -@@ -1491,7 +1491,7 @@ H5G_dense_remove_by_idx_fh_cb(const void *obj, size_t H5_ATTR_UNUSED obj_len, vo - FUNC_ENTER_NOAPI_NOINIT - - /* Decode link information */ -- if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, (const unsigned char *)obj))) -+ if(NULL == (udata->lnk = (H5O_link_t *)H5O_msg_decode(udata->f, udata->dxpl_id, NULL, H5O_LINK_ID, obj_len, (const unsigned char *)obj))) - HGOTO_ERROR(H5E_SYM, H5E_CANTDECODE, H5_ITER_ERROR, "can't decode link") - - /* Can't operate on link here because the fractal heap block is locked */ -diff --git a/src/H5HFcache.c b/src/H5HFcache.c -index f0d251c8de..319a865438 100644 ---- a/src/H5HFcache.c -+++ b/src/H5HFcache.c -@@ -384,7 +384,7 @@ H5HF_cache_hdr_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *_udata) - UINT32DECODE(p, hdr->pline_root_direct_filter_mask); - - /* Decode I/O filter information */ -- if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, p))) -+ if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, len, image))) - HGOTO_ERROR(H5E_HEAP, H5E_CANTDECODE, NULL, "can't decode I/O pipeline filters") - p += hdr->filter_len; - -diff --git a/src/H5Oainfo.c b/src/H5Oainfo.c -index e85df44262..5aab4c6c32 100644 ---- a/src/H5Oainfo.c -+++ b/src/H5Oainfo.c -@@ -34,7 +34,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_ainfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_ainfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_ainfo_copy(const void *_mesg, void *_dest); - static size_t H5O_ainfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -104,7 +104,8 @@ H5FL_DEFINE_STATIC(H5O_ainfo_t); - */ - static void * - H5O_ainfo_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_ainfo_t *ainfo = NULL; /* Attribute info */ - unsigned char flags; /* Flags for encoding attribute info */ -diff --git a/src/H5Oattr.c b/src/H5Oattr.c -index a8d2a311b2..882912155a 100644 ---- a/src/H5Oattr.c -+++ b/src/H5Oattr.c -@@ -26,7 +26,7 @@ - /* PRIVATE PROTOTYPES */ - static herr_t H5O_attr_encode(H5F_t *f, uint8_t *p, const void *mesg); - static void *H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static void *H5O_attr_copy(const void *_mesg, void *_dest); - static size_t H5O_attr_size(const H5F_t *f, const void *_mesg); - static herr_t H5O_attr_free(void *mesg); -@@ -121,7 +121,7 @@ H5FL_EXTERN(H5S_extent_t); - --------------------------------------------------------------------------*/ - static void * - H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, -- unsigned *ioflags, const uint8_t *p) -+ unsigned *ioflags, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5A_t *attr = NULL; - H5S_extent_t *extent; /*extent dimensionality information */ -@@ -187,7 +187,7 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED - - /* Decode the attribute's datatype */ - if(NULL == (attr->shared->dt = (H5T_t *)(H5O_MSG_DTYPE->decode)(f, dxpl_id, open_oh, -- ((flags & H5O_ATTR_FLAG_TYPE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, p))) -+ ((flags & H5O_ATTR_FLAG_TYPE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, attr->shared->dt_size, p))) - HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "can't decode attribute datatype") - if(attr->shared->version < H5O_ATTR_VERSION_2) - p += H5O_ALIGN_OLD(attr->shared->dt_size); -@@ -202,7 +202,7 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED - - /* Decode attribute's dataspace extent */ - if((extent = (H5S_extent_t *)(H5O_MSG_SDSPACE->decode)(f, dxpl_id, open_oh, -- ((flags & H5O_ATTR_FLAG_SPACE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, p)) == NULL) -+ ((flags & H5O_ATTR_FLAG_SPACE_SHARED) ? H5O_MSG_FLAG_SHARED : 0), ioflags, attr->shared->ds_size, p)) == NULL) - HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "can't decode attribute dataspace") - - /* Copy the extent information to the dataspace */ -diff --git a/src/H5Obogus.c b/src/H5Obogus.c -index 7a058b2452..ba9a8ada34 100644 ---- a/src/H5Obogus.c -+++ b/src/H5Obogus.c -@@ -37,7 +37,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_bogus_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_bogus_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static size_t H5O_bogus_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); - static herr_t H5O_bogus_debug(H5F_t *f, hid_t dxpl_id, const void *_mesg, FILE * stream, -@@ -110,7 +110,8 @@ const H5O_msg_class_t H5O_MSG_BOGUS_INVALID[1] = {{ - */ - static void * - H5O_bogus_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_bogus_t *mesg = NULL; - void *ret_value; /* Return value */ -diff --git a/src/H5Obtreek.c b/src/H5Obtreek.c -index 70aacc7644..6bcdcc3af3 100644 ---- a/src/H5Obtreek.c -+++ b/src/H5Obtreek.c -@@ -27,7 +27,7 @@ - #include "H5MMprivate.h" /* Memory management */ - - static void *H5O_btreek_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_btreek_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_btreek_copy(const void *_mesg, void *_dest); - static size_t H5O_btreek_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -78,7 +78,8 @@ const H5O_msg_class_t H5O_MSG_BTREEK[1] = {{ - */ - static void * - H5O_btreek_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_btreek_t *mesg; /* Native message */ - void *ret_value; /* Return value */ -diff --git a/src/H5Ocache_image.c b/src/H5Ocache_image.c -new file mode 100644 -index 0000000000..d2b65bbb8c ---- /dev/null -+++ b/src/H5Ocache_image.c -@@ -0,0 +1,377 @@ -+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -+ * Copyright by The HDF Group. * -+ * Copyright by the Board of Trustees of the University of Illinois. * -+ * All rights reserved. * -+ * * -+ * This file is part of HDF5. The full HDF5 copyright notice, including * -+ * terms governing use, modification, and redistribution, is contained in * -+ * the COPYING file, which can be found at the root of the source code * -+ * distribution tree, or in https://support.hdfgroup.org/ftp/HDF5/releases. * -+ * If you do not have access to either file, you may request a copy from * -+ * help@hdfgroup.org. * -+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ -+ -+/*------------------------------------------------------------------------- -+ * -+ * Created: H5Ocache_image.c -+ * June 21, 2015 -+ * John Mainzer -+ * -+ * Purpose: A message indicating that a metadata cache image block -+ * of the indicated length exists at the specified offset -+ * in the HDF5 file. -+ * -+ * The mdci_msg only appears in the superblock extension. -+ * -+ *------------------------------------------------------------------------- -+ */ -+ -+#include "H5Omodule.h" /* This source code file is part of the H5O module */ -+ -+ -+#include "H5private.h" /* Generic Functions */ -+#include "H5Eprivate.h" /* Error handling */ -+#include "H5Fprivate.h" /* Files */ -+#include "H5FLprivate.h" /* Free Lists */ -+#include "H5Opkg.h" /* Object headers */ -+#include "H5MFprivate.h" /* File space management */ -+ -+/* Callbacks for message class */ -+static void *H5O__mdci_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); -+static herr_t H5O__mdci_encode(H5F_t *f, hbool_t disable_shared, -+ uint8_t *p, const void *_mesg); -+static void *H5O__mdci_copy(const void *_mesg, void *_dest); -+static size_t H5O__mdci_size(const H5F_t *f, hbool_t disable_shared, -+ const void *_mesg); -+static herr_t H5O__mdci_free(void *mesg); -+static herr_t H5O__mdci_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -+ void *_mesg); -+static herr_t H5O__mdci_debug(H5F_t *f, hid_t dxpl_id, const void *_mesg, -+ FILE *stream, int indent, int fwidth); -+ -+/* This message derives from H5O message class */ -+const H5O_msg_class_t H5O_MSG_MDCI[1] = {{ -+ H5O_MDCI_MSG_ID, /* message id number */ -+ "mdci", /* message name for debugging */ -+ sizeof(H5O_mdci_t), /* native message size */ -+ 0, /* messages are sharable? */ -+ H5O__mdci_decode, /* decode message */ -+ H5O__mdci_encode, /* encode message */ -+ H5O__mdci_copy, /* copy method */ -+ H5O__mdci_size, /* size of mdc image message */ -+ NULL, /* reset method */ -+ H5O__mdci_free, /* free method */ -+ H5O__mdci_delete, /* file delete method */ -+ NULL, /* link method */ -+ NULL, /* set share method */ -+ NULL, /* can share method */ -+ NULL, /* pre copy native value to file */ -+ NULL, /* copy native value to file */ -+ NULL, /* post copy native value to file */ -+ NULL, /* get creation index */ -+ NULL, /* set creation index */ -+ H5O__mdci_debug /* debugging */ -+}}; -+ -+/* Only one version of the metadata cache image message at present */ -+#define H5O_MDCI_VERSION_0 0 -+ -+/* Declare the free list for H5O_mdci_t's */ -+H5FL_DEFINE(H5O_mdci_t); -+ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O__mdci_decode -+ * -+ * Purpose: Decode a metadata cache image message and return a -+ * pointer to a newly allocated H5O_mdci_t struct. -+ * -+ * Return: Success: Ptr to new message in native struct. -+ * Failure: NULL -+ * -+ * Programmer: John Mainzer -+ * 6/22/15 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static void * -+H5O__mdci_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, -+ H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, -+ unsigned H5_ATTR_UNUSED *ioflags, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) -+{ -+ H5O_mdci_t *mesg; /* Native message */ -+ void *ret_value = NULL; /* Return value */ -+ -+ FUNC_ENTER_STATIC -+ -+ /* Sanity check */ -+ HDassert(f); -+ HDassert(p); -+ -+ /* Version of message */ -+ if(*p++ != H5O_MDCI_VERSION_0) -+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "bad version number for message") -+ -+ /* Allocate space for message */ -+ if(NULL == (mesg = (H5O_mdci_t *)H5FL_MALLOC(H5O_mdci_t))) -+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed for metadata cache image message") -+ -+ /* Decode */ -+ H5F_addr_decode(f, &p, &(mesg->addr)); -+ H5F_DECODE_LENGTH(f, p, mesg->size); -+ -+ /* Set return value */ -+ ret_value = (void *)mesg; -+ -+done: -+ FUNC_LEAVE_NOAPI(ret_value) -+} /* end H5O__mdci_decode() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O__mdci_encode -+ * -+ * Purpose: Encode metadata cache image message -+ * -+ * Return: Non-negative on success/Negative on failure -+ * -+ * Programmer: John Mainzer -+ * 6/22/15 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static herr_t -+H5O__mdci_encode(H5F_t *f, hbool_t H5_ATTR_UNUSED disable_shared, -+ uint8_t *p, const void *_mesg) -+{ -+ const H5O_mdci_t *mesg = (const H5O_mdci_t *)_mesg; -+ -+ FUNC_ENTER_STATIC_NOERR -+ -+ /* Sanity check */ -+ HDassert(f); -+ HDassert(p); -+ HDassert(mesg); -+ -+ /* encode */ -+ *p++ = H5O_MDCI_VERSION_0; -+ H5F_addr_encode(f, &p, mesg->addr); -+ H5F_ENCODE_LENGTH(f, p, mesg->size); -+ -+ FUNC_LEAVE_NOAPI(SUCCEED) -+} /* end H5O__mdci_encode() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O__mdci_copy -+ * -+ * Purpose: Copies a message from _MESG to _DEST, allocating _DEST if -+ * necessary. -+ * -+ * Return: Success: Ptr to _DEST -+ * Failure: NULL -+ * -+ * Programmer: John Mainzer -+ * 6/22/15 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static void * -+H5O__mdci_copy(const void *_mesg, void *_dest) -+{ -+ const H5O_mdci_t *mesg = (const H5O_mdci_t *)_mesg; -+ H5O_mdci_t *dest = (H5O_mdci_t *) _dest; -+ void *ret_value = NULL; /* Return value */ -+ -+ FUNC_ENTER_STATIC -+ -+ /* check args */ -+ HDassert(mesg); -+ if(!dest && NULL == (dest = H5FL_MALLOC(H5O_mdci_t))) -+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") -+ -+ /* copy */ -+ *dest = *mesg; -+ -+ /* Set return value */ -+ ret_value = dest; -+ -+done: -+ FUNC_LEAVE_NOAPI(ret_value) -+} /* end H5O_mdci__copy() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O__mdci_size -+ * -+ * Purpose: Returns the size of the raw message in bytes not counting -+ * the message type or size fields, but only the data fields. -+ * This function doesn't take into account alignment. -+ * -+ * Return: Success: Message data size in bytes without alignment. -+ * -+ * Failure: zero -+ * -+ * Programmer: John Mainzer -+ * 6/22/15 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static size_t -+H5O__mdci_size(const H5F_t *f, hbool_t H5_ATTR_UNUSED disable_shared, -+ const void H5_ATTR_UNUSED *_mesg) -+{ -+ size_t ret_value = 0; /* Return value */ -+ -+ FUNC_ENTER_STATIC_NOERR -+ -+ /* Set return value */ -+ ret_value = (size_t)( 1 + /* Version number */ -+ H5F_SIZEOF_ADDR(f) + /* addr of metadata cache */ -+ /* image block */ -+ H5F_SIZEOF_SIZE(f) ); /* length of metadata cache */ -+ /* image block */ -+ -+ FUNC_LEAVE_NOAPI(ret_value) -+} /* end H5O__mdci_size() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O__mdci_free -+ * -+ * Purpose: Free the message -+ * -+ * Return: Non-negative on success/Negative on failure -+ * -+ * Programmer: John Mainzer -+ * 6/22/15 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static herr_t -+H5O__mdci_free(void *mesg) -+{ -+ FUNC_ENTER_STATIC_NOERR -+ -+ HDassert(mesg); -+ -+ mesg = H5FL_FREE(H5O_mdci_t, mesg); -+ -+ FUNC_LEAVE_NOAPI(SUCCEED) -+} /* end H5O__mdci_free() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O__mdci_delete -+ * -+ * Purpose: Free file space referenced by message -+ * -+ * Return: Non-negative on success/Negative on failure -+ * -+ * Programmer: Quincey Koziol -+ * Wednesday, March 19, 2003 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static herr_t -+H5O__mdci_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, void *_mesg) -+{ -+ H5O_mdci_t *mesg = (H5O_mdci_t *)_mesg; -+ herr_t ret_value = SUCCEED; /* Return value */ -+ -+ FUNC_ENTER_STATIC -+ -+ /* check args */ -+ HDassert(f); -+ HDassert(open_oh); -+ HDassert(mesg); -+ -+ /* Free file space for cache image */ -+ if(H5F_addr_defined(mesg->addr)) { -+ /* The space for the cache image block was allocated directly -+ * from the VFD layer at the end of file. As this was the -+ * last file space allocation before shutdown, the cache image -+ * should still be the last item in the file. -+ * -+ * If the hack to work around the self referential free space -+ * manager issue is in use, file space for the non-empty self -+ * referential free space managers was also allocated from VFD -+ * layer at the end of file. Since these allocations directly -+ * preceeded the cache image allocation they should be directly -+ * adjacent to the cache image block at the end of file. -+ * -+ * In this case, just call H5MF_tidy_self_referential_fsm_hack(). -+ * -+ * That routine will float the self referential free space -+ * managers, and reduce the eoa to its value just prior to -+ * allocation of space for same. Since the cache image appears -+ * just after the self referential free space managers, this -+ * will release the file space for the cache image as well. -+ * -+ * Note that in this case, there must not have been any file -+ * space allocations / deallocations prior to the free of the -+ * cache image. Verify this to the extent possible. -+ * -+ * If the hack to work around the persistant self referential -+ * free space manager issue is NOT in use, just call H5MF_xfree() -+ * to release the cache iamge. In principle, we should be able -+ * to just reduce the EOA to the base address of the cache -+ * image block, as there shouldn't be any file space allocation -+ * before the first metadata cache access. However, given -+ * time constraints, I don't want to go there now. -+ */ -+ if(H5F_FIRST_ALLOC_DEALLOC(f)) { -+ HDassert(HADDR_UNDEF != H5F_EOA_PRE_FSM_FSALLOC(f)); -+ HDassert(H5F_addr_ge(mesg->addr, H5F_EOA_PRE_FSM_FSALLOC(f))); -+ if(H5MF_tidy_self_referential_fsm_hack(f, dxpl_id) < 0) -+ HGOTO_ERROR(H5E_OHDR, H5E_CANTFREE, FAIL, "tidy of self referential fsm hack failed") -+ } /* end if */ -+ else { -+ if(H5MF_xfree(f, H5FD_MEM_SUPER, dxpl_id, mesg->addr, mesg->size) < 0) -+ HGOTO_ERROR(H5E_OHDR, H5E_CANTFREE, FAIL, "unable to free file space for cache image block") -+ } /* end else */ -+ } /* end if */ -+ -+done: -+ FUNC_LEAVE_NOAPI(ret_value) -+} /* end H5O__mdci_delete() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O__mdci_debug -+ * -+ * Purpose: Prints debugging info. -+ * -+ * Return: Non-negative on success/Negative on failure -+ * -+ * Programmer: John Mainzer -+ * 6/22/15 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static herr_t -+H5O__mdci_debug(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, -+ const void *_mesg, FILE * stream, int indent, int fwidth) -+{ -+ const H5O_mdci_t *mdci = (const H5O_mdci_t *) _mesg; -+ -+ FUNC_ENTER_STATIC_NOERR -+ -+ /* check args */ -+ HDassert(f); -+ HDassert(mdci); -+ HDassert(stream); -+ HDassert(indent >= 0); -+ HDassert(fwidth >= 0); -+ -+ HDfprintf(stream, "%*s%-*s %a\n", indent, "", fwidth, -+ "Metadata Cache Image Block address:", mdci->addr); -+ -+ HDfprintf(stream, "%*s%-*s %Hu\n", indent, "", fwidth, -+ "Metadata Cache Image Block size in bytes:", mdci->size); -+ -+ FUNC_LEAVE_NOAPI(SUCCEED) -+} /* end H5O__mdci_debug() */ -+ -diff --git a/src/H5Ocont.c b/src/H5Ocont.c -index 681f54a748..b91b1814ef 100644 ---- a/src/H5Ocont.c -+++ b/src/H5Ocont.c -@@ -36,7 +36,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_cont_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_cont_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static size_t H5O_cont_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); - static herr_t H5O_cont_free(void *mesg); -@@ -89,7 +89,8 @@ H5FL_DEFINE(H5O_cont_t); - */ - static void * - H5O_cont_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_cont_t *cont = NULL; - void *ret_value; -diff --git a/src/H5Odrvinfo.c b/src/H5Odrvinfo.c -index 6f715f8bd2..fd8ad6b7ef 100644 ---- a/src/H5Odrvinfo.c -+++ b/src/H5Odrvinfo.c -@@ -27,7 +27,7 @@ - #include "H5MMprivate.h" /* Memory management */ - - static void *H5O_drvinfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_drvinfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_drvinfo_copy(const void *_mesg, void *_dest); - static size_t H5O_drvinfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -79,7 +79,8 @@ const H5O_msg_class_t H5O_MSG_DRVINFO[1] = {{ - */ - static void * - H5O_drvinfo_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_drvinfo_t *mesg; /* Native message */ - void *ret_value; /* Return value */ -diff --git a/src/H5Odtype.c b/src/H5Odtype.c -index 774b07103b..85fbef4020 100644 ---- a/src/H5Odtype.c -+++ b/src/H5Odtype.c -@@ -29,7 +29,7 @@ - /* PRIVATE PROTOTYPES */ - static herr_t H5O_dtype_encode(H5F_t *f, uint8_t *p, const void *mesg); - static void *H5O_dtype_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static void *H5O_dtype_copy(const void *_mesg, void *_dest); - static size_t H5O_dtype_size(const H5F_t *f, const void *_mesg); - static herr_t H5O_dtype_reset(void *_mesg); -@@ -1093,7 +1093,7 @@ done: - --------------------------------------------------------------------------*/ - static void * - H5O_dtype_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, -- unsigned *ioflags/*in,out*/, const uint8_t *p) -+ unsigned *ioflags/*in,out*/, size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5T_t *dt = NULL; - void *ret_value; /* Return value */ -diff --git a/src/H5Oefl.c b/src/H5Oefl.c -index 218d2503a5..546eb4fc57 100644 ---- a/src/H5Oefl.c -+++ b/src/H5Oefl.c -@@ -28,7 +28,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_efl_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_efl_copy(const void *_mesg, void *_dest); - static size_t H5O_efl_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -88,7 +88,8 @@ const H5O_msg_class_t H5O_MSG_EFL[1] = {{ - */ - static void * - H5O_efl_decode(H5F_t *f, hid_t dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_efl_t *mesg = NULL; - int version; -diff --git a/src/H5Ofill.c b/src/H5Ofill.c -index 721c648b3d..70704c5913 100644 ---- a/src/H5Ofill.c -+++ b/src/H5Ofill.c -@@ -32,11 +32,11 @@ - - - static void *H5O_fill_old_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_fill_old_encode(H5F_t *f, uint8_t *p, const void *_mesg); - static size_t H5O_fill_old_size(const H5F_t *f, const void *_mesg); - static void *H5O_fill_new_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_fill_new_encode(H5F_t *f, uint8_t *p, const void *_mesg); - static size_t H5O_fill_new_size(const H5F_t *f, const void *_mesg); - static void *H5O_fill_copy(const void *_mesg, void *_dest); -@@ -183,7 +183,8 @@ H5FL_BLK_EXTERN(type_conv); - */ - static void * - H5O_fill_new_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_fill_t *fill = NULL; - void *ret_value; -@@ -297,7 +298,8 @@ done: - */ - static void * - H5O_fill_old_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_fill_t *fill = NULL; /* Decoded fill value message */ - void *ret_value; /* Return value */ -diff --git a/src/H5Ofsinfo.c b/src/H5Ofsinfo.c -new file mode 100644 -index 0000000000..8369ae14ff ---- /dev/null -+++ b/src/H5Ofsinfo.c -@@ -0,0 +1,408 @@ -+/* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -+ * Copyright by The HDF Group. * -+ * Copyright by the Board of Trustees of the University of Illinois. * -+ * All rights reserved. * -+ * * -+ * This file is part of HDF5. The full HDF5 copyright notice, including * -+ * terms governing use, modification, and redistribution, is contained in * -+ * the COPYING file, which can be found at the root of the source code * -+ * distribution tree, or in https://support.hdfgroup.org/ftp/HDF5/releases. * -+ * If you do not have access to either file, you may request a copy from * -+ * help@hdfgroup.org. * -+ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ -+ -+/*------------------------------------------------------------------------- -+ * -+ * Created: H5Ofsinfo.c -+ * Feb 2009 -+ * Vailin Choi -+ * -+ * Purpose: File space info message. -+ * -+ *------------------------------------------------------------------------- -+ */ -+#define H5F_FRIEND /*suppress error about including H5Fpkg */ -+#include "H5Omodule.h" /* This source code file is part of the H5O module */ -+ -+ -+#include "H5private.h" /* Generic Functions */ -+#include "H5Eprivate.h" /* Error handling */ -+#include "H5Fpkg.h" /* File access */ -+#include "H5FLprivate.h" /* Free lists */ -+#include "H5Opkg.h" /* Object headers */ -+ -+/* PRIVATE PROTOTYPES */ -+static void *H5O_fsinfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, -+ unsigned *ioflags, size_t p_size, const uint8_t *p); -+static herr_t H5O_fsinfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); -+static void *H5O_fsinfo_copy(const void *_mesg, void *_dest); -+static size_t H5O_fsinfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -+static herr_t H5O_fsinfo_free(void *mesg); -+static herr_t H5O_fsinfo_debug(H5F_t *f, hid_t dxpl_id, const void *_mesg, -+ FILE * stream, int indent, int fwidth); -+ -+/* This message derives from H5O message class */ -+const H5O_msg_class_t H5O_MSG_FSINFO[1] = {{ -+ H5O_FSINFO_ID, /* message id number */ -+ "fsinfo", /* message name for debugging */ -+ sizeof(H5O_fsinfo_t), /* native message size */ -+ 0, /* messages are sharable? */ -+ H5O_fsinfo_decode, /* decode message */ -+ H5O_fsinfo_encode, /* encode message */ -+ H5O_fsinfo_copy, /* copy the native value */ -+ H5O_fsinfo_size, /* size of free-space manager info message */ -+ NULL, /* default reset method */ -+ H5O_fsinfo_free, /* free method */ -+ NULL, /* file delete method */ -+ NULL, /* link method */ -+ NULL, /* set share method */ -+ NULL, /* can share method */ -+ NULL, /* pre copy native value to file */ -+ NULL, /* copy native value to file */ -+ NULL, /* post copy native value to file */ -+ NULL, /* get creation index */ -+ NULL, /* set creation index */ -+ H5O_fsinfo_debug /* debug the message */ -+}}; -+ -+/* Current version of free-space manager info information */ -+#define H5O_FSINFO_VERSION_0 0 -+#define H5O_FSINFO_VERSION_1 1 -+ -+/* Declare a free list to manage the H5O_fsinfo_t struct */ -+H5FL_DEFINE_STATIC(H5O_fsinfo_t); -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O_fsinfo_decode -+ * -+ * Purpose: Decode a message and return a pointer to a newly allocated one. -+ * -+ * Return: Success: Ptr to new message in native form. -+ * Failure: NULL -+ * -+ * Programmer: Vailin Choi; Feb 2009 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static void * -+H5O_fsinfo_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) -+{ -+ H5O_fsinfo_t *fsinfo = NULL; /* File space info message */ -+ H5F_mem_page_t ptype; /* Memory type for iteration */ -+ unsigned vers; /* message version */ -+ void *ret_value = NULL; /* Return value */ -+ -+ FUNC_ENTER_NOAPI_NOINIT -+ -+ /* check args */ -+ HDassert(f); -+ HDassert(p); -+ -+ /* Allocate space for message */ -+ if(NULL == (fsinfo = H5FL_CALLOC(H5O_fsinfo_t))) -+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") -+ -+ for(ptype = H5F_MEM_PAGE_SUPER; ptype < H5F_MEM_PAGE_NTYPES; H5_INC_ENUM(H5F_mem_page_t, ptype)) -+ fsinfo->fs_addr[ptype - 1] = HADDR_UNDEF; -+ -+ /* Version of message */ -+ vers = *p++; -+ -+ if(vers == H5O_FSINFO_VERSION_0) { -+ H5F_file_space_type_t strategy; /* Strategy */ -+ hsize_t threshold; /* Threshold */ -+ H5FD_mem_t type; /* Memory type for iteration */ -+ -+ fsinfo->persist = H5F_FREE_SPACE_PERSIST_DEF; -+ fsinfo->threshold = H5F_FREE_SPACE_THRESHOLD_DEF; -+ fsinfo->page_size = H5F_FILE_SPACE_PAGE_SIZE_DEF; -+ fsinfo->pgend_meta_thres = H5F_FILE_SPACE_PGEND_META_THRES; -+ fsinfo->eoa_pre_fsm_fsalloc = HADDR_UNDEF; -+ -+ strategy = (H5F_file_space_type_t)*p++; /* File space strategy */ -+ H5F_DECODE_LENGTH(f, p, threshold); /* Free-space section threshold */ -+ -+ /* Map version 0 (deprecated) to version 1 message */ -+ switch(strategy) { -+ -+ case H5F_FILE_SPACE_ALL_PERSIST: -+ fsinfo->strategy = H5F_FSPACE_STRATEGY_FSM_AGGR; -+ fsinfo->persist = TRUE; -+ fsinfo->threshold = threshold; -+ if(HADDR_UNDEF == (fsinfo->eoa_pre_fsm_fsalloc = H5F_get_eoa(f, H5FD_MEM_DEFAULT)) ) -+ HGOTO_ERROR(H5E_FILE, H5E_CANTGET, NULL, "unable to get file size") -+ for(type = H5FD_MEM_SUPER; type < H5FD_MEM_NTYPES; H5_INC_ENUM(H5FD_mem_t, type)) -+ H5F_addr_decode(f, &p, &(fsinfo->fs_addr[type-1])); -+ break; -+ -+ case H5F_FILE_SPACE_ALL: -+ fsinfo->strategy = H5F_FSPACE_STRATEGY_FSM_AGGR; -+ fsinfo->threshold = threshold; -+ break; -+ -+ case H5F_FILE_SPACE_AGGR_VFD: -+ fsinfo->strategy = H5F_FSPACE_STRATEGY_AGGR; -+ break; -+ -+ case H5F_FILE_SPACE_VFD: -+ fsinfo->strategy = H5F_FSPACE_STRATEGY_NONE; -+ break; -+ -+ case H5F_FILE_SPACE_NTYPES: -+ case H5F_FILE_SPACE_DEFAULT: -+ default: -+ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, NULL, "invalid file space strategy") -+ } /* end switch */ -+ -+ fsinfo->mapped = TRUE; -+ -+ } else { -+ HDassert(vers == H5O_FSINFO_VERSION_1); -+ -+ fsinfo->strategy = (H5F_fspace_strategy_t)*p++; /* File space strategy */ -+ fsinfo->persist = *p++; /* Free-space persist or not */ -+ H5F_DECODE_LENGTH(f, p, fsinfo->threshold); /* Free-space section threshold */ -+ -+ H5F_DECODE_LENGTH(f, p, fsinfo->page_size); /* File space page size */ -+ UINT16DECODE(p, fsinfo->pgend_meta_thres); /* Page end metdata threshold */ -+ H5F_addr_decode(f, &p, &(fsinfo->eoa_pre_fsm_fsalloc)); /* EOA before free-space header and section info */ -+ -+ /* Decode addresses of free space managers, if persisting */ -+ if(fsinfo->persist) { -+ for(ptype = H5F_MEM_PAGE_SUPER; ptype < H5F_MEM_PAGE_NTYPES; H5_INC_ENUM(H5F_mem_page_t, ptype)) -+ H5F_addr_decode(f, &p, &(fsinfo->fs_addr[ptype - 1])); -+ } /* end if */ -+ -+ fsinfo->mapped = FALSE; -+ } -+ -+ /* Set return value */ -+ ret_value = fsinfo; -+ -+done: -+ if(ret_value == NULL && fsinfo != NULL) -+ fsinfo = H5FL_FREE(H5O_fsinfo_t, fsinfo); -+ -+ FUNC_LEAVE_NOAPI(ret_value) -+} /* end H5O_fsinfo_decode() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O_fsinfo_encode -+ * -+ * Purpose: Encodes a message. -+ * -+ * Return: Non-negative on success/Negative on failure -+ * -+ * Programmer: Vailin Choi; Feb 2009 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static herr_t -+H5O_fsinfo_encode(H5F_t *f, hbool_t H5_ATTR_UNUSED disable_shared, uint8_t *p, const void *_mesg) -+{ -+ const H5O_fsinfo_t *fsinfo = (const H5O_fsinfo_t *)_mesg; -+ H5F_mem_page_t ptype; /* Memory type for iteration */ -+ -+ FUNC_ENTER_NOAPI_NOINIT_NOERR -+ -+ /* check args */ -+ HDassert(f); -+ HDassert(p); -+ HDassert(fsinfo); -+ -+ *p++ = H5O_FSINFO_VERSION_1; /* message version */ -+ *p++ = fsinfo->strategy; /* File space strategy */ -+ *p++ = (unsigned char)fsinfo->persist; /* Free-space persist or not */ -+ H5F_ENCODE_LENGTH(f, p, fsinfo->threshold); /* Free-space section size threshold */ -+ -+ H5F_ENCODE_LENGTH(f, p, fsinfo->page_size); /* File space page size */ -+ UINT16ENCODE(p, fsinfo->pgend_meta_thres); /* Page end metadata threshold */ -+ H5F_addr_encode(f, &p, fsinfo->eoa_pre_fsm_fsalloc); /* EOA before free-space header and section info */ -+ -+ /* Store addresses of free-space managers, if persisting */ -+ if(fsinfo->persist) { -+ /* Addresses of free-space managers */ -+ for(ptype = H5F_MEM_PAGE_SUPER; ptype < H5F_MEM_PAGE_NTYPES; H5_INC_ENUM(H5F_mem_page_t, ptype)) -+ H5F_addr_encode(f, &p, fsinfo->fs_addr[ptype - 1]); -+ } /* end if */ -+ -+ FUNC_LEAVE_NOAPI(SUCCEED) -+} /* end H5O_fsinfo_encode() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O_fsinfo_copy -+ * -+ * Purpose: Copies a message from _MESG to _DEST, allocating _DEST if -+ * necessary. -+ * -+ * Return: Success: Ptr to _DEST -+ * Failure: NULL -+ * -+ * Programmer: Vailin Choi; Feb 2009 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static void * -+H5O_fsinfo_copy(const void *_mesg, void *_dest) -+{ -+ const H5O_fsinfo_t *fsinfo = (const H5O_fsinfo_t *)_mesg; -+ H5O_fsinfo_t *dest = (H5O_fsinfo_t *) _dest; -+ void *ret_value = NULL; /* Return value */ -+ -+ FUNC_ENTER_NOAPI_NOINIT -+ -+ /* check args */ -+ HDassert(fsinfo); -+ if(!dest && NULL == (dest = H5FL_CALLOC(H5O_fsinfo_t))) -+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") -+ -+ /* copy */ -+ *dest = *fsinfo; -+ -+ /* Set return value */ -+ ret_value = dest; -+ -+done: -+ FUNC_LEAVE_NOAPI(ret_value) -+} /* end H5O_fsinfo_copy() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O_fsinfo_size -+ * -+ * Purpose: Returns the size of the raw message in bytes not counting -+ * the message type or size fields, but only the data fields. -+ * This function doesn't take into account alignment. -+ * -+ * Return: Success: Message data size in bytes without alignment. -+ * Failure: zero -+ * -+ * Programmer: Vailin Choi; Feb 2009 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static size_t -+H5O_fsinfo_size(const H5F_t *f, hbool_t H5_ATTR_UNUSED disable_shared, const void *_mesg) -+{ -+ const H5O_fsinfo_t *fsinfo = (const H5O_fsinfo_t *)_mesg; -+ size_t ret_value = 0; /* Return value */ -+ -+ FUNC_ENTER_NOAPI_NOINIT_NOERR -+ -+ ret_value = 3 /* Version, strategy & persist */ -+ + (size_t)H5F_SIZEOF_SIZE(f) /* Free-space section threshold */ -+ + (size_t)H5F_SIZEOF_SIZE(f) /* File space page size */ -+ + 2 /* Page end meta threshold */ -+ + (size_t)H5F_SIZEOF_ADDR(f); -+ -+ /* Free-space manager addresses */ -+ if(fsinfo->persist) -+ ret_value += (H5F_MEM_PAGE_NTYPES - 1) * (size_t)H5F_SIZEOF_ADDR(f); -+ -+ FUNC_LEAVE_NOAPI(ret_value) -+} /* end H5O_fsinfo_size() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O_fsinfo_free -+ * -+ * Purpose: Free's the message -+ * -+ * Return: Non-negative on success/Negative on failure -+ * -+ * Programmer: Vailin Choi; Feb 2009 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static herr_t -+H5O_fsinfo_free(void *mesg) -+{ -+ FUNC_ENTER_NOAPI_NOINIT_NOERR -+ -+ HDassert(mesg); -+ -+ mesg = H5FL_FREE(H5O_fsinfo_t, mesg); -+ -+ FUNC_LEAVE_NOAPI(SUCCEED) -+} /* end H5O_fsinfo_free() */ -+ -+ -+/*------------------------------------------------------------------------- -+ * Function: H5O_fsinfo_debug -+ * -+ * Purpose: Prints debugging info for a message. -+ * -+ * Return: Non-negative on success/Negative on failure -+ * -+ * Programmer: Vailin Choi; Feb 2009 -+ * -+ *------------------------------------------------------------------------- -+ */ -+static herr_t -+H5O_fsinfo_debug(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, const void *_mesg, FILE * stream, -+ int indent, int fwidth) -+{ -+ const H5O_fsinfo_t *fsinfo = (const H5O_fsinfo_t *) _mesg; -+ H5F_mem_page_t ptype; /* Free-space types for iteration */ -+ -+ FUNC_ENTER_NOAPI_NOINIT_NOERR -+ -+ /* check args */ -+ HDassert(f); -+ HDassert(fsinfo); -+ HDassert(stream); -+ HDassert(indent >= 0); -+ HDassert(fwidth >= 0); -+ -+ HDfprintf(stream, "%*s%-*s ", indent, "", fwidth, "File space strategy:"); -+ switch(fsinfo->strategy) { -+ case H5F_FSPACE_STRATEGY_FSM_AGGR: -+ HDfprintf(stream, "%s\n", "H5F_FSPACE_STRATEGY_FSM_AGGR"); -+ break; -+ -+ case H5F_FSPACE_STRATEGY_PAGE: -+ HDfprintf(stream, "%s\n", "H5F_FSPACE_STRATEGY_PAGE"); -+ break; -+ -+ case H5F_FSPACE_STRATEGY_AGGR: -+ HDfprintf(stream, "%s\n", "H5F_FSPACE_STRATEGY_AGGR"); -+ break; -+ -+ case H5F_FSPACE_STRATEGY_NONE: -+ HDfprintf(stream, "%s\n", "H5F_FSPACE_STRATEGY_NONE"); -+ break; -+ -+ case H5F_FSPACE_STRATEGY_NTYPES: -+ default: -+ HDfprintf(stream, "%s\n", "unknown"); -+ } /* end switch */ -+ -+ HDfprintf(stream, "%*s%-*s %t\n", indent, "", fwidth, -+ "Free-space persist:", fsinfo->persist); -+ -+ HDfprintf(stream, "%*s%-*s %Hu\n", indent, "", fwidth, -+ "Free-space section threshold:", fsinfo->threshold); -+ -+ HDfprintf(stream, "%*s%-*s %Hu\n", indent, "", fwidth, -+ "File space page size:", fsinfo->page_size); -+ -+ HDfprintf(stream, "%*s%-*s %u\n", indent, "", fwidth, -+ "Page end metadata threshold:", fsinfo->pgend_meta_thres); -+ -+ HDfprintf(stream, "%*s%-*s %a\n", indent, "", fwidth, -+ "eoa_pre_fsm_fsalloc:", fsinfo->eoa_pre_fsm_fsalloc); -+ -+ if(fsinfo->persist) { -+ for(ptype = H5F_MEM_PAGE_SUPER; ptype < H5F_MEM_PAGE_NTYPES; H5_INC_ENUM(H5F_mem_page_t, ptype)) -+ HDfprintf(stream, "%*s%-*s %a\n", indent, "", fwidth, -+ "Free space manager address:", fsinfo->fs_addr[ptype-1]); -+ } /* end if */ -+ -+ FUNC_LEAVE_NOAPI(SUCCEED) -+} /* end H5O_fsinfo_debug() */ -+ -diff --git a/src/H5Oginfo.c b/src/H5Oginfo.c -index d8be51fa04..8ba1f71d9f 100644 ---- a/src/H5Oginfo.c -+++ b/src/H5Oginfo.c -@@ -32,7 +32,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_ginfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_ginfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_ginfo_copy(const void *_mesg, void *_dest); - static size_t H5O_ginfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -94,7 +94,8 @@ H5FL_DEFINE_STATIC(H5O_ginfo_t); - */ - static void * - H5O_ginfo_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_ginfo_t *ginfo = NULL; /* Pointer to group information message */ - unsigned char flags; /* Flags for encoding group info */ -diff --git a/src/H5Olayout.c b/src/H5Olayout.c -index 3bbee129e0..5c5ad42730 100644 ---- a/src/H5Olayout.c -+++ b/src/H5Olayout.c -@@ -35,7 +35,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_layout_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_layout_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_layout_copy(const void *_mesg, void *_dest); - static size_t H5O_layout_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -95,7 +95,8 @@ H5FL_DEFINE(H5O_layout_t); - */ - static void * - H5O_layout_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_layout_t *mesg = NULL; - unsigned u; -diff --git a/src/H5Olinfo.c b/src/H5Olinfo.c -index 03e545f260..a612ae5e2b 100644 ---- a/src/H5Olinfo.c -+++ b/src/H5Olinfo.c -@@ -36,7 +36,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_linfo_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_linfo_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_linfo_copy(const void *_mesg, void *_dest); - static size_t H5O_linfo_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -113,7 +113,8 @@ H5FL_DEFINE_STATIC(H5O_linfo_t); - */ - static void * - H5O_linfo_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_linfo_t *linfo = NULL; /* Link info */ - unsigned char index_flags; /* Flags for encoding link index info */ -diff --git a/src/H5Olink.c b/src/H5Olink.c -index 1b57f22529..c0dd1d8c4b 100644 ---- a/src/H5Olink.c -+++ b/src/H5Olink.c -@@ -38,7 +38,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_link_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_link_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_link_copy(const void *_mesg, void *_dest); - static size_t H5O_link_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -117,7 +117,8 @@ H5FL_DEFINE_STATIC(H5O_link_t); - */ - static void * - H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_link_t *lnk = NULL; /* Pointer to link message */ - size_t len = 0; /* Length of a string in the message */ -diff --git a/src/H5Omessage.c b/src/H5Omessage.c -index bbcf5a6ea7..98517a34ed 100644 ---- a/src/H5Omessage.c -+++ b/src/H5Omessage.c -@@ -1821,7 +1821,7 @@ done: - */ - void * - H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned type_id, -- const unsigned char *buf) -+ size_t buf_size, const unsigned char *buf) - { - const H5O_msg_class_t *type; /* Actual H5O class type for the ID */ - void *ret_value; /* Return value */ -@@ -1836,7 +1836,7 @@ H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned type_id, - HDassert(type); - - /* decode */ -- if((ret_value = (type->decode)(f, dxpl_id, open_oh, 0, &ioflags, buf)) == NULL) -+ if((ret_value = (type->decode)(f, dxpl_id, open_oh, 0, &ioflags, buf_size, buf)) == NULL) - HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode message") - - done: -diff --git a/src/H5Omtime.c b/src/H5Omtime.c -index 46dd499250..e4db09bad3 100644 ---- a/src/H5Omtime.c -+++ b/src/H5Omtime.c -@@ -27,12 +27,12 @@ - - - static void *H5O_mtime_new_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_mtime_new_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static size_t H5O_mtime_new_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); - - static void *H5O_mtime_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_mtime_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_mtime_copy(const void *_mesg, void *_dest); - static size_t H5O_mtime_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -118,7 +118,8 @@ H5FL_DEFINE(time_t); - */ - static void * - H5O_mtime_new_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - time_t *mesg; - uint32_t tmp_time; /* Temporary copy of the time */ -@@ -171,7 +172,8 @@ done: - */ - static void * - H5O_mtime_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - time_t *mesg, the_time; - int i; -diff --git a/src/H5Oname.c b/src/H5Oname.c -index 007e20f9a6..5248168c30 100644 ---- a/src/H5Oname.c -+++ b/src/H5Oname.c -@@ -32,7 +32,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_name_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_name_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_name_copy(const void *_mesg, void *_dest); - static size_t H5O_name_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -83,7 +83,8 @@ const H5O_msg_class_t H5O_MSG_NAME[1] = {{ - */ - static void * - H5O_name_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_name_t *mesg; - void *ret_value; /* Return value */ -diff --git a/src/H5Opkg.h b/src/H5Opkg.h -index cd585beefd..f4b80147b8 100644 ---- a/src/H5Opkg.h -+++ b/src/H5Opkg.h -@@ -186,7 +186,7 @@ - \ - /* Decode the message */ \ - HDassert(msg_type->decode); \ -- if(NULL == ((MSG)->native = (msg_type->decode)((F), (DXPL), (OH), (MSG)->flags, &ioflags, (MSG)->raw))) \ -+ if(NULL == ((MSG)->native = (msg_type->decode)((F), (DXPL), (OH), (MSG)->flags, &ioflags, (MSG)->raw_size, (MSG)->raw))) \ - HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, ERR, "unable to decode message") \ - \ - /* Mark the message dirty if it was changed by decoding */ \ -@@ -222,7 +222,7 @@ struct H5O_msg_class_t { - const char *name; /*for debugging */ - size_t native_size; /*size of native message */ - unsigned share_flags; /* Message sharing settings */ -- void *(*decode)(H5F_t *, hid_t, H5O_t *, unsigned, unsigned *, const uint8_t *); -+ void *(*decode)(H5F_t *, hid_t, H5O_t *, unsigned, unsigned *, size_t, const uint8_t *); - herr_t (*encode)(H5F_t *, hbool_t, uint8_t *, const void *); - void *(*copy)(const void *, void *); /*copy native value */ - size_t (*raw_size)(const H5F_t *, hbool_t, const void *);/*sizeof encoded message */ -diff --git a/src/H5Opline.c b/src/H5Opline.c -index 42fb72c9cb..0cd791213c 100644 ---- a/src/H5Opline.c -+++ b/src/H5Opline.c -@@ -33,7 +33,7 @@ - /* PRIVATE PROTOTYPES */ - static herr_t H5O_pline_encode(H5F_t *f, uint8_t *p, const void *mesg); - static void *H5O_pline_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static void *H5O_pline_copy(const void *_mesg, void *_dest); - static size_t H5O_pline_size(const H5F_t *f, const void *_mesg); - static herr_t H5O_pline_reset(void *_mesg); -@@ -108,13 +108,15 @@ H5FL_DEFINE(H5O_pline_t); - */ - static void * - H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t p_size, const uint8_t *p) - { - H5O_pline_t *pline = NULL; /* Pipeline message */ - H5Z_filter_info_t *filter; /* Filter to decode */ - size_t name_length; /* Length of filter name */ - size_t i; /* Local index variable */ -- void *ret_value; /* Return value */ -+ const uint8_t *p_end = p + p_size - 1; /* End of the p buffer */ -+ void *ret_value = NULL; /* Return value */ - - FUNC_ENTER_NOAPI_NOINIT - -@@ -123,12 +125,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 - - /* Allocate space for I/O pipeline message */ - if(NULL == (pline = H5FL_CALLOC(H5O_pline_t))) -- HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") -+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") - - /* Version */ - pline->version = *p++; - if(pline->version < H5O_PLINE_VERSION_1 || pline->version > H5O_PLINE_VERSION_LATEST) -- HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message") -+ HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message") - - /* Number of filters */ - pline->nused = *p++; -@@ -142,12 +144,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 - /* Allocate array for filters */ - pline->nalloc = pline->nused; - if(NULL == (pline->filter = (H5Z_filter_info_t *)H5MM_calloc(pline->nalloc * sizeof(pline->filter[0])))) -- HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") -+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") - - /* Decode filters */ - for(i = 0, filter = &pline->filter[0]; i < pline->nused; i++, filter++) { - /* Filter ID */ -- UINT16DECODE(p, filter->id); -+ UINT16DECODE(p, filter->id); - - /* Length of filter name */ - if(pline->version > H5O_PLINE_VERSION_1 && filter->id < H5Z_FILTER_RESERVED) -@@ -159,18 +161,18 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 - } /* end if */ - - /* Filter flags */ -- UINT16DECODE(p, filter->flags); -+ UINT16DECODE(p, filter->flags); - - /* Number of filter parameters ("client data elements") */ -- UINT16DECODE(p, filter->cd_nelmts); -+ UINT16DECODE(p, filter->cd_nelmts); - - /* Filter name, if there is one */ -- if(name_length) { -+ if(name_length) { - size_t actual_name_length; /* Actual length of name */ - - /* Determine actual name length (without padding, but with null terminator) */ -- actual_name_length = HDstrlen((const char *)p) + 1; -- HDassert(actual_name_length <= name_length); -+ actual_name_length = HDstrlen((const char *)p) + 1; -+ HDassert(actual_name_length <= name_length); - - /* Allocate space for the filter name, or use the internal buffer */ - if(actual_name_length > H5Z_COMMON_NAME_LEN) { -@@ -181,12 +183,12 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 - else - filter->name = filter->_name; - -- HDstrncpy(filter->name, (const char *)p, actual_name_length); -- p += name_length; -- } /* end if */ -+ HDstrncpy(filter->name, (const char *)p, actual_name_length); -+ p += name_length; -+ } /* end if */ - - /* Filter parameters */ -- if(filter->cd_nelmts) { -+ if(filter->cd_nelmts) { - size_t j; /* Local index variable */ - - /* Allocate space for the client data elements, or use the internal buffer */ -@@ -198,15 +200,20 @@ H5O_pline_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5 - else - filter->cd_values = filter->_cd_values; - -- /* -- * Read the client data values and the padding -- */ -- for(j = 0; j < filter->cd_nelmts; j++) -- UINT32DECODE(p, filter->cd_values[j]); -+ /* -+ * Read the client data values and the padding -+ */ -+ for (j = 0; j < filter->cd_nelmts; j++) { -+ if (p + 4 - 1 <= p_end) -+ UINT32DECODE(p, filter->cd_values[j]) -+ else -+ HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "ran off the end of the buffer: current p = %p, p_size = %zu, p_end = %p", p, p_size, p_end) -+ } -+ - if(pline->version == H5O_PLINE_VERSION_1) - if(filter->cd_nelmts % 2) - p += 4; /*padding*/ -- } /* end if */ -+ } /* end if */ - } /* end for */ - - /* Set return value */ -diff --git a/src/H5Oprivate.h b/src/H5Oprivate.h -index ca0fc8e633..1f51705243 100644 ---- a/src/H5Oprivate.h -+++ b/src/H5Oprivate.h -@@ -710,7 +710,7 @@ H5_DLL herr_t H5O_msg_get_crt_index(unsigned type_id, const void *mesg, - H5_DLL herr_t H5O_msg_encode(H5F_t *f, unsigned type_id, hbool_t disable_shared, - unsigned char *buf, const void *obj); - H5_DLL void* H5O_msg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned type_id, const unsigned char *buf); -+ unsigned type_id, size_t buf_size, const unsigned char *buf); - H5_DLL herr_t H5O_msg_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - unsigned type_id, void *mesg); - H5_DLL int H5O_msg_get_chunkno(const H5O_loc_t *loc, unsigned type_id, hid_t dxpl_id); -diff --git a/src/H5Orefcount.c b/src/H5Orefcount.c -index 22b1a02835..78ff791729 100644 ---- a/src/H5Orefcount.c -+++ b/src/H5Orefcount.c -@@ -32,7 +32,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_refcount_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_refcount_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_refcount_copy(const void *_mesg, void *_dest); - static size_t H5O_refcount_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -89,7 +89,8 @@ H5FL_DEFINE_STATIC(H5O_refcount_t); - */ - static void * - H5O_refcount_decode(H5F_t H5_ATTR_UNUSED *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_refcount_t *refcount = NULL; /* Reference count */ - void *ret_value; /* Return value */ -diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c -index 557a44bb3c..627ea190a3 100644 ---- a/src/H5Osdspace.c -+++ b/src/H5Osdspace.c -@@ -26,7 +26,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_sdspace_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg); - static void *H5O_sdspace_copy(const void *_mesg, void *_dest); - static size_t H5O_sdspace_size(const H5F_t *f, const void *_mesg); -@@ -110,7 +110,8 @@ H5FL_ARR_EXTERN(hsize_t); - --------------------------------------------------------------------------*/ - static void * - H5O_sdspace_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5S_extent_t *sdim = NULL;/* New extent dimensionality structure */ - void *ret_value; -diff --git a/src/H5Oshared.c b/src/H5Oshared.c -index 0d692f9489..2475dd5137 100644 ---- a/src/H5Oshared.c -+++ b/src/H5Oshared.c -@@ -156,7 +156,7 @@ H5O_shared_read(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned *ioflags, - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "can't read message from fractal heap.") - - /* Decode the message */ -- if(NULL == (ret_value = (type->decode)(f, dxpl_id, open_oh, 0, ioflags, mesg_ptr))) -+ if(NULL == (ret_value = (type->decode)(f, dxpl_id, open_oh, 0, ioflags, mesg_size, mesg_ptr))) - HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "can't decode shared message.") - } /* end if */ - else { -diff --git a/src/H5Oshared.h b/src/H5Oshared.h -index f71f5f6f36..e60d7ba37b 100644 ---- a/src/H5Oshared.h -+++ b/src/H5Oshared.h -@@ -47,7 +47,7 @@ - */ - static H5_INLINE void * - H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, -- unsigned *ioflags, const uint8_t *p) -+ unsigned *ioflags, size_t p_size, const uint8_t *p) - { - void *ret_value; /* Return value */ - -@@ -67,7 +67,7 @@ H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, - if(mesg_flags & H5O_MSG_FLAG_SHARED) { - /* Retrieve native message info indirectly through shared message */ - if(NULL == (ret_value = H5O_shared_decode(f, dxpl_id, open_oh, ioflags, p, H5O_SHARED_TYPE))) -- HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode shared message") -+ HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode shared message") - - /* We currently do not support automatically fixing shared messages */ - #ifdef H5_STRICT_FORMAT_CHECKS -@@ -79,8 +79,8 @@ H5O_SHARED_DECODE(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned mesg_flags, - } /* end if */ - else { - /* Decode native message directly */ -- if(NULL == (ret_value = H5O_SHARED_DECODE_REAL(f, dxpl_id, open_oh, mesg_flags, ioflags, p))) -- HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode native message") -+ if(NULL == (ret_value = H5O_SHARED_DECODE_REAL(f, dxpl_id, open_oh, mesg_flags, ioflags, p_size, p))) -+ HGOTO_ERROR(H5E_OHDR, H5E_CANTDECODE, NULL, "unable to decode native message") - } /* end else */ - - done: -diff --git a/src/H5Oshmesg.c b/src/H5Oshmesg.c -index 536f67e8be..489114aee8 100644 ---- a/src/H5Oshmesg.c -+++ b/src/H5Oshmesg.c -@@ -27,7 +27,7 @@ - #include "H5MMprivate.h" /* Memory management */ - - static void *H5O_shmesg_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_shmesg_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_shmesg_copy(const void *_mesg, void *_dest); - static size_t H5O_shmesg_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -75,7 +75,8 @@ const H5O_msg_class_t H5O_MSG_SHMESG[1] = {{ - */ - static void * - H5O_shmesg_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_shmesg_table_t *mesg; /* Native message */ - void *ret_value; /* Return value */ -diff --git a/src/H5Ostab.c b/src/H5Ostab.c -index 928307e580..cf8c96a6ad 100644 ---- a/src/H5Ostab.c -+++ b/src/H5Ostab.c -@@ -35,7 +35,7 @@ - - /* PRIVATE PROTOTYPES */ - static void *H5O_stab_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, -- unsigned mesg_flags, unsigned *ioflags, const uint8_t *p); -+ unsigned mesg_flags, unsigned *ioflags, size_t p_size, const uint8_t *p); - static herr_t H5O_stab_encode(H5F_t *f, hbool_t disable_shared, uint8_t *p, const void *_mesg); - static void *H5O_stab_copy(const void *_mesg, void *_dest); - static size_t H5O_stab_size(const H5F_t *f, hbool_t disable_shared, const void *_mesg); -@@ -96,7 +96,8 @@ H5FL_DEFINE_STATIC(H5O_stab_t); - */ - static void * - H5O_stab_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, -- unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, const uint8_t *p) -+ unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -+ size_t H5_ATTR_UNUSED p_size, const uint8_t *p) - { - H5O_stab_t *stab = NULL; - void *ret_value; /* Return value */ -diff --git a/src/H5S.c b/src/H5S.c -index d03d5235c6..50bee52151 100644 ---- a/src/H5S.c -+++ b/src/H5S.c -@@ -1644,7 +1644,7 @@ H5S_decode(const unsigned char *buf) - - /* Decode the extent part of dataspace */ - /* (pass mostly bogus file pointer and bogus DXPL) */ -- if((extent = (H5S_extent_t *)H5O_msg_decode(f, H5P_DEFAULT, NULL, H5O_SDSPACE_ID, buf))==NULL) -+ if((extent = (H5S_extent_t *)H5O_msg_decode(f, H5P_DEFAULT, NULL, H5O_SDSPACE_ID, extent_size, buf))==NULL) - HGOTO_ERROR(H5E_DATASPACE, H5E_CANTDECODE, NULL, "can't decode object") - buf += extent_size; - -diff --git a/src/H5SM.c b/src/H5SM.c -index 080eb7c54e..b549b593f2 100644 ---- a/src/H5SM.c -+++ b/src/H5SM.c -@@ -69,7 +69,7 @@ static herr_t H5SM_write_mesg(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - static herr_t H5SM_decr_ref(void *record, void *op_data, hbool_t *changed); - static herr_t H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - H5SM_index_header_t *header, const H5O_shared_t * mesg, -- unsigned *cache_flags, void ** /*out*/ encoded_mesg); -+ unsigned *cache_flags, size_t * /*out*/ mesg_size, void ** /*out*/ encoded_mesg); - static herr_t H5SM_type_to_flag(unsigned type_id, unsigned *type_flag); - static herr_t H5SM_read_iter_op(H5O_t *oh, H5O_mesg_t *mesg, unsigned sequence, - unsigned *oh_modified, void *_udata); -@@ -1518,6 +1518,7 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) - unsigned cache_flags = H5AC__NO_FLAGS_SET; - H5SM_table_cache_ud_t cache_udata; /* User-data for callback */ - ssize_t index_num; -+ size_t mesg_size = 0; - void *mesg_buf = NULL; - void *native_mesg = NULL; - unsigned type_id; /* Message type ID to operate on */ -@@ -1547,8 +1548,8 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) - * zero and any file space it uses needs to be freed. mesg_buf holds the - * serialized form of the message. - */ -- if(H5SM_delete_from_index(f, dxpl_id, open_oh, &(table->indexes[index_num]), sh_mesg, &cache_flags, &mesg_buf) < 0) -- HGOTO_ERROR(H5E_SOHM, H5E_CANTDELETE, FAIL, "unable to delete mesage from SOHM index") -+ if(H5SM_delete_from_index(f, dxpl_id, open_oh, &(table->indexes[index_num]), sh_mesg, &cache_flags, &mesg_size, &mesg_buf) < 0) -+ HGOTO_ERROR(H5E_SOHM, H5E_CANTDELETE, FAIL, "unable to delete mesage from SOHM index") - - /* Release the master SOHM table */ - if(H5AC_unprotect(f, dxpl_id, H5AC_SOHM_TABLE, H5F_SOHM_ADDR(f), table, cache_flags) < 0) -@@ -1560,7 +1561,7 @@ H5SM_delete(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, H5O_shared_t *sh_mesg) - * master table needs to be unprotected when we do this. - */ - if(mesg_buf) { -- if(NULL == (native_mesg = H5O_msg_decode(f, dxpl_id, open_oh, type_id, (const unsigned char *)mesg_buf))) -+ if(NULL == (native_mesg = H5O_msg_decode(f, dxpl_id, open_oh, type_id, mesg_size, (const unsigned char *)mesg_buf))) - HGOTO_ERROR(H5E_SOHM, H5E_CANTDECODE, FAIL, "can't decode shared message.") - - if(H5O_msg_delete(f, dxpl_id, open_oh, type_id, native_mesg) < 0) -@@ -1747,7 +1748,7 @@ H5SM_decr_ref(void *record, void *op_data, hbool_t *changed) - static herr_t - H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - H5SM_index_header_t *header, const H5O_shared_t *mesg, -- unsigned *cache_flags, void ** /*out*/ encoded_mesg) -+ unsigned *cache_flags, size_t * /*out*/ mesg_size, void ** /*out*/ encoded_mesg) - { - H5SM_list_t *list = NULL; - H5SM_mesg_key_t key; -@@ -1879,6 +1880,7 @@ H5SM_delete_from_index(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, - - /* Return the message's encoding so anything it references can be freed */ - *encoded_mesg = encoding_buf; -+ *mesg_size = buf_size; - - /* If there are no messages left in the index, delete it */ - if(header->num_messages == 0) { -@@ -1920,8 +1922,10 @@ done: - /* Free the message encoding, if we're not returning it in encoded_mesg - * or if there's been an error. - */ -- if(encoding_buf && (NULL == *encoded_mesg || ret_value < 0)) -+ if(encoding_buf && (NULL == *encoded_mesg || ret_value < 0)) { - encoding_buf = H5MM_xfree(encoding_buf); -+ *mesg_size = 0; -+ } - - FUNC_LEAVE_NOAPI(ret_value) - } /* end H5SM_delete_from_index() */ -diff --git a/src/H5T.c b/src/H5T.c -index d705b99d33..9eeb7db193 100644 ---- a/src/H5T.c -+++ b/src/H5T.c -@@ -2801,8 +2801,13 @@ H5Tdecode(const void *buf) - if(buf == NULL) - HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "empty buffer") - -- /* Create datatype by decoding buffer */ -- if(NULL == (dt = H5T_decode((const unsigned char *)buf))) -+ /* Create datatype by decoding buffer -+ * There is no way to get the size of the buffer, so we pass in -+ * SIZE_MAX and assume the caller knows what they are doing. -+ * Really fixing this will require an H5Tdecode2() call that -+ * takes a size parameter. -+ */ -+ if(NULL == (dt = H5T_decode(SIZE_MAX, (const unsigned char *)buf))) - HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "can't decode object") - - /* Register the type and return the ID */ -@@ -2891,7 +2896,7 @@ done: - *------------------------------------------------------------------------- - */ - static H5T_t * --H5T_decode(const unsigned char *buf) -+H5T_decode(size_t buf_size, const unsigned char *buf) - { - H5F_t *f = NULL; /* Fake file structure*/ - H5T_t *ret_value = NULL; /* Return value */ -@@ -2911,7 +2916,7 @@ H5T_decode(const unsigned char *buf) - HGOTO_ERROR(H5E_DATATYPE, H5E_VERSION, NULL, "unknown version of encoded datatype") - - /* Decode the serialized datatype message */ -- if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_ind_dxpl_id, NULL, H5O_DTYPE_ID, buf))) -+ if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_noio_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf))) - HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, NULL, "can't decode object") - - /* Mark datatype as being in memory now */ -diff --git a/src/H5Tprivate.h b/src/H5Tprivate.h -index 81af0567d4..f5191416ad 100644 ---- a/src/H5Tprivate.h -+++ b/src/H5Tprivate.h -@@ -112,6 +112,8 @@ H5_DLL H5T_class_t H5T_get_class(const H5T_t *dt, htri_t internal); - H5_DLL htri_t H5T_detect_class(const H5T_t *dt, H5T_class_t cls, hbool_t from_api); - H5_DLL size_t H5T_get_size(const H5T_t *dt); - H5_DLL int H5T_cmp(const H5T_t *dt1, const H5T_t *dt2, hbool_t superset); -+H5_DLL herr_t H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc); -+H5_DLL H5T_t *H5T_decode(size_t buf_size, const unsigned char *buf); - H5_DLL herr_t H5T_debug(const H5T_t *dt, FILE * stream); - H5_DLL struct H5O_loc_t *H5T_oloc(H5T_t *dt); - H5_DLL H5G_name_t *H5T_nameof(H5T_t *dt); --- -2.23.0 - diff --git a/CVE-2018-13867.patch b/CVE-2018-13867.patch new file mode 100644 index 0000000000000000000000000000000000000000..6ab8423e3fe8fad9ff5727e16aa9e2edd8a40780 --- /dev/null +++ b/CVE-2018-13867.patch @@ -0,0 +1,85 @@ +From 1750b4b0af5158009aa2f861c65fb4bf8fc364de Mon Sep 17 00:00:00 2001 +From: Egbert Eich +Date: Fri, 11 Nov 2022 06:24:56 +0100 +Subject: [PATCH] Validate location (offset) of the accumulated metadata when + comparing (#2231) + +Initially, the accumulated metadata location is initialized to HADDR_UNDEF +- the highest available address. Bogus input files may provide a location +or size matching this value. Comparing this address against such bogus +values may provide false positives. This make sure, the value has been +initilized or fail the comparison early and let other parts of the +code deal with the bogus address/size. +Note: To avoid unnecessary checks, we have assumed that if the 'dirty' +member in the same structure is true the location is valid. + +This fixes CVE-2018-13867 / Bug #2230. + +Signed-off-by: Egbert Eich +--- + release_docs/RELEASE.txt | 15 +++++++++++++++ + src/H5Faccum.c | 16 +++++++++------- + 2 files changed, 24 insertions(+), 7 deletions(-) + +diff --git a/src/H5Faccum.c b/src/H5Faccum.c +index 9e3dfda9ec..5e39215560 100644 +--- a/src/H5Faccum.c ++++ b/src/H5Faccum.c +@@ -125,8 +125,9 @@ H5F__accum_read(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t si + HDassert(!accum->buf || (accum->alloc_size >= accum->size)); + + /* Current read adjoins or overlaps with metadata accumulator */ +- if (H5F_addr_overlap(addr, size, accum->loc, accum->size) || ((addr + size) == accum->loc) || +- (accum->loc + accum->size) == addr) { ++ if (H5F_addr_defined(accum->loc) && ++ (H5F_addr_overlap(addr, size, accum->loc, accum->size) || ((addr + size) == accum->loc) || ++ (accum->loc + accum->size) == addr)) { + size_t amount_before; /* Amount to read before current accumulator */ + haddr_t new_addr; /* New address of the accumulator buffer */ + size_t new_size; /* New size of the accumulator buffer */ +@@ -438,7 +439,7 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s + /* Check if there is already metadata in the accumulator */ + if (accum->size > 0) { + /* Check if the new metadata adjoins the beginning of the current accumulator */ +- if ((addr + size) == accum->loc) { ++ if (H5F_addr_defined(accum->loc) && (addr + size) == accum->loc) { + /* Check if we need to adjust accumulator size */ + if (H5F__accum_adjust(accum, file, H5F_ACCUM_PREPEND, size) < 0) + HGOTO_ERROR(H5E_IO, H5E_CANTRESIZE, FAIL, "can't adjust metadata accumulator") +@@ -463,7 +464,7 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s + accum->dirty_off = 0; + } /* end if */ + /* Check if the new metadata adjoins the end of the current accumulator */ +- else if (addr == (accum->loc + accum->size)) { ++ else if (H5F_addr_defined(accum->loc) && addr == (accum->loc + accum->size)) { + /* Check if we need to adjust accumulator size */ + if (H5F__accum_adjust(accum, file, H5F_ACCUM_APPEND, size) < 0) + HGOTO_ERROR(H5E_IO, H5E_CANTRESIZE, FAIL, "can't adjust metadata accumulator") +@@ -484,7 +485,8 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s + accum->size += size; + } /* end if */ + /* Check if the piece of metadata being written overlaps the metadata accumulator */ +- else if (H5F_addr_overlap(addr, size, accum->loc, accum->size)) { ++ else if (H5F_addr_defined(accum->loc) && ++ H5F_addr_overlap(addr, size, accum->loc, accum->size)) { + size_t add_size; /* New size of the accumulator buffer */ + + /* Check if the new metadata is entirely within the current accumulator */ +@@ -744,7 +746,7 @@ H5F__accum_write(H5F_shared_t *f_sh, H5FD_mem_t map_type, haddr_t addr, size_t s + /* (Note that this could be improved by updating the accumulator + * with [some of] the information just read in. -QAK) + */ +- if (H5F_addr_overlap(addr, size, accum->loc, accum->size)) { ++ if (H5F_addr_defined(accum->loc) && H5F_addr_overlap(addr, size, accum->loc, accum->size)) { + /* Check for write starting before beginning of accumulator */ + if (H5F_addr_le(addr, accum->loc)) { + /* Check for write ending within accumulator */ +@@ -866,7 +868,7 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr + file = f_sh->lf; + + /* Adjust the metadata accumulator to remove the freed block, if it overlaps */ +- if ((f_sh->feature_flags & H5FD_FEAT_ACCUMULATE_METADATA) && ++ if ((f_sh->feature_flags & H5FD_FEAT_ACCUMULATE_METADATA) && H5F_addr_defined(accum->loc) && + H5F_addr_overlap(addr, size, accum->loc, accum->size)) { + size_t overlap_size; /* Size of overlap with accumulator */ + diff --git a/CVE-2018-13869-CVE-2018-13870.patch b/CVE-2018-13869-CVE-2018-13870.patch deleted file mode 100644 index b23e8fafc4ac7dde9b5b00ed184250e9444e836c..0000000000000000000000000000000000000000 --- a/CVE-2018-13869-CVE-2018-13870.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 068fc878c39a37c0b3865cb6cd01eb57f4dbde74 Mon Sep 17 00:00:00 2001 -From: Binh-Minh Ribler -Date: Mon, 3 Aug 2020 12:48:58 -0500 -Subject: [PATCH] Fix HDFFV-11120 and HDFFV-11121 (CVE-2018-13870 and - CVE-2018-13869) - -Description: - When a buffer overflow occurred because a name length was corrupted - and became very large, h5dump produced a segfault on one file and a - memcpy parameter overlap on another file. This commit added checks - that detect a read pass the end of the buffer to prevent these error - conditions. -Platforms tested: - Linux/64 (jelly) - ---- - src/H5Olink.c | 19 ++++++++++++++++++- - 1 file changed, 18 insertions(+), 1 deletion(-) - -diff --git a/src/H5Olink.c b/src/H5Olink.c -index c0dd1d8c4b..e48ec45c74 100644 ---- a/src/H5Olink.c -+++ b/src/H5Olink.c -@@ -118,11 +118,12 @@ H5FL_DEFINE_STATIC(H5O_link_t); - static void * - H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *open_oh, - unsigned H5_ATTR_UNUSED mesg_flags, unsigned H5_ATTR_UNUSED *ioflags, -- size_t H5_ATTR_UNUSED p_size, const uint8_t *p) -+ size_t p_size, const uint8_t *p) - { - H5O_link_t *lnk = NULL; /* Pointer to link message */ - size_t len = 0; /* Length of a string in the message */ - unsigned char link_flags; /* Flags for encoding link info */ -+ const uint8_t *p_end = p + p_size; /* End of the p buffer */ - void *ret_value; /* Return value */ - - FUNC_ENTER_NOAPI_NOINIT -@@ -198,6 +199,11 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op - if(len == 0) - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "invalid name length") - -+ /* Make sure that length doesn't exceed buffer size, which could occur -+ when the file is corrupted */ -+ if(p + len > p_end) -+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer") -+ - /* Get the link's name */ - if(NULL == (lnk->name = (char *)H5MM_malloc(len + 1))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") -@@ -217,6 +223,12 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op - UINT16DECODE(p, len) - if(len == 0) - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, NULL, "invalid link length") -+ -+ /* Make sure that length doesn't exceed buffer size, which could occur -+ when the file is corrupted */ -+ if(p + len > p_end) -+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer") -+ - if(NULL == (lnk->u.soft.name = (char *)H5MM_malloc((size_t)len + 1))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") - HDmemcpy(lnk->u.soft.name, p, len); -@@ -237,6 +249,11 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op - lnk->u.ud.size = len; - if(len > 0) - { -+ /* Make sure that length doesn't exceed buffer size, which could -+ occur when the file is corrupted */ -+ if(p + len > p_end) -+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "name length causes read past end of buffer") -+ - if(NULL == (lnk->u.ud.udata = H5MM_malloc((size_t)len))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") - HDmemcpy(lnk->u.ud.udata, p, len); --- -2.23.0 - diff --git a/CVE-2018-13873.patch b/CVE-2018-13873.patch deleted file mode 100644 index 1ee65dc1cf50c17d001a920d507fc397cb56a238..0000000000000000000000000000000000000000 --- a/CVE-2018-13873.patch +++ /dev/null @@ -1,54 +0,0 @@ -From e1b59919bb96f68f3b372a73790ecbe4ac3b395a Mon Sep 17 00:00:00 2001 -From: Binh-Minh Ribler -Date: Sun, 6 Jan 2019 01:44:40 -0600 -Subject: [PATCH] HDFFV-10578 and HDFFV-10676 Description: HDFFV-10578 - - CVE-2018-17234 The file has some issue, however, there was a bug in - h5dump that caused memory leaks after the problem in the file was - encountered. The bug was that an if statement was missing in the - function table_list_add() resulting in the memory not being freed at - a later time. After the fix had been applied, there were no more - leaks after h5dump detected the issue in the file and reported the - error. - - In H5O__chunk_deserialize, replaced an assert with an if statement - and reporting error, per Neil's recommendation - - HDFFV-10676 - CVE-2018-13873 - Also in H5O__chunk_deserialize, added an assertion to detect - out of bound ids ---- - src/H5Ocache.c | 5 ++++- - tools/src/h5dump/h5dump.c | 7 ++++--- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/H5Ocache.c b/src/H5Ocache.c -index fba4f6e586..034048fd4e 100644 ---- a/src/H5Ocache.c -+++ b/src/H5Ocache.c -@@ -1129,6 +1129,8 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message") - if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN)) - HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message") -+ -+ HDassert(id < NELMTS(H5O_msg_class_g)); - if((flags & H5O_MSG_FLAG_SHAREABLE) - && H5O_msg_class_g[id] - && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE)) -diff --git a/tools/src/h5dump/h5dump.c b/tools/src/h5dump/h5dump.c -index b9e37e8379..5267188dad 100644 ---- a/tools/h5dump/h5dump.c -+++ b/tools/h5dump/h5dump.c -@@ -403,9 +403,10 @@ table_list_add(hid_t oid, unsigned long file_no) - } - if(init_objs(oid, &info, &table_list.tables[idx].group_table, - &table_list.tables[idx].dset_table, &table_list.tables[idx].type_table) < 0) { -- H5Idec_ref(oid); -- table_list.nused--; -- return -1; -+ if (H5Idec_ref(oid) < 0) { -+ table_list.nused--; -+ return -1; -+ } - } - - #ifdef H5DUMP_DEBUG diff --git a/CVE-2018-14031.patch b/CVE-2018-14031.patch index 472ca26b832f33703855c231d04cedac990b8ddc..1b69f16cd81b806cf505bed4e3383c2906264521 100644 --- a/CVE-2018-14031.patch +++ b/CVE-2018-14031.patch @@ -1,26 +1,32 @@ -From 25492f3cac49e611456165fe1f36777b699a73ec Mon Sep 17 00:00:00 2001 +From b42c5bb8758d1c28aba53405f55f4a59244ae938 Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> -Date: Fri, 31 Mar 2023 11:31:34 +0800 -Subject: [PATCH 1/1] H5O_dtype_decode_helper: Parent of enum needs to have same size as enum itself (#2237) +Date: Thu, 25 May 2023 19:18:28 +0800 +Subject: [PATCH 1/1] H5O_dtype_decode_helper: Parent of enum needs to have same + size as enum itself (#2237) The size of the enumeration values is determined by the size of the parent. -Functions accessing the enumeration values use the size of the enumeration to determine the size of each element and how much data to copy. Thus the size of the enumeration and its parent need to match. +Functions accessing the enumeration values use the size of the enumeration +to determine the size of each element and how much data to copy. Thus the +size of the enumeration and its parent need to match. Check here to avoid unpleasant surprises later. This fixes CVE-2018-14031 / Bug #2236. Signed-off-by: Egbert Eich + +Origin: +https://github.com/HDFGroup/hdf5/commit/0f94940f1a9ae95de38b70709eb413511b76c73b --- src/H5Odtype.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/H5Odtype.c b/src/H5Odtype.c -index 85fbef4..513412f 100644 +index ac03410..82d1fe3 100644 --- a/src/H5Odtype.c +++ b/src/H5Odtype.c -@@ -459,6 +459,8 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags/*in,out*/, const uint8_t **p +@@ -458,6 +458,8 @@ H5O_dtype_decode_helper(H5F_t *f, unsigned *ioflags /*in,out*/, const uint8_t ** HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, FAIL, "memory allocation failed") - if(H5O_dtype_decode_helper(f, ioflags, pp, dt->shared->parent) < 0) + if (H5O_dtype_decode_helper(f, ioflags, pp, dt->shared->parent) < 0) HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, FAIL, "unable to decode parent datatype") + if (dt->shared->parent->shared->size != dt->shared->size) + HGOTO_ERROR(H5E_DATATYPE, H5E_BADSIZE, FAIL, "ENUM datatype size does not match parent") diff --git a/CVE-2018-16438.patch b/CVE-2018-16438.patch index e87120ba2cdee5bb10c72b786ecccb6d40b12f7c..f302f2b417ca9c1bfa40b86a5530e5e8dfaf0a5c 100644 --- a/CVE-2018-16438.patch +++ b/CVE-2018-16438.patch @@ -1,31 +1,38 @@ -From 03c87bad2d7505e9d2709c0cd5483c4e1977e67d Mon Sep 17 00:00:00 2001 +From 619dfc62ccfd0d579c1de60e0f160b9ac9f1d2a9 Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> -Date: Fri, 31 Mar 2023 10:56:39 +0800 -Subject: [PATCH 1/1] Make sure info block for external links has at least 3 bytes (#2234) +Date: Thu, 25 May 2023 19:21:49 +0800 +Subject: [PATCH 1/1] Make sure info block for external links has at least 3 bytes + (#2234) -According to the specification, the information block for external links contains 1 byte of version/flag information and two 0 terminated strings for the object linked to and the full path. -Although not very useful, the minimum string length for each (with terminating 0) would be one byte. +According to the specification, the information block for external links +contains 1 byte of version/flag information and two 0 terminated strings +for the object linked to and the full path. +Although not very useful, the minimum string length for each (with +terminating 0) would be one byte. Checking this will help to avoid SEGVs triggered by bogus files. This fixes CVE-2018-16438 / Bug #2233. Signed-off-by: Egbert Eich + +Origin: +https://github.com/HDFGroup/hdf5/commit/34ec3bb7bc129f52bda4d82601f3bce65426459d --- src/H5Olink.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/H5Olink.c b/src/H5Olink.c -index e48ec45..3437286 100644 +index 1c9579b..4c1fd11 100644 --- a/src/H5Olink.c +++ b/src/H5Olink.c -@@ -247,6 +247,8 @@ H5O_link_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED *op +@@ -240,6 +240,8 @@ H5O__link_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSE + /* A UD link. Get the user-supplied data */ UINT16DECODE(p, len) - lnk->u.ud.size = len; + if (lnk->type == H5L_TYPE_EXTERNAL && len < 3) -+ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "external link information lenght < 3") - if(len > 0) - { ++ HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "external link information length < 3") + lnk->u.ud.size = len; + if (len > 0) { /* Make sure that length doesn't exceed buffer size, which could -- 2.30.0 diff --git a/CVE-2018-17233.patch b/CVE-2018-17233.patch deleted file mode 100644 index 0f2bd276c5df16500b35da837c3ac8b4094c99b7..0000000000000000000000000000000000000000 --- a/CVE-2018-17233.patch +++ /dev/null @@ -1,88 +0,0 @@ -From f891c38c6e724e9032a534512618b9650be76377 Mon Sep 17 00:00:00 2001 -From: Binh-Minh Ribler -Date: Fri, 4 Jan 2019 11:46:29 -0600 -Subject: [PATCH] Fixed CVE division-by-zero issues Description: Fixed - HDFFV-10577 and similar issues found in H5Dchunk.c. All the occurrences - are in: H5D__create_chunk_map_single - H5D__create_chunk_file_map_hyper H5D__chunk_allocate - H5D__chunk_update_old_edge_chunks H5D__chunk_prune_by_extent - H5D__chunk_copy_cb H5D__chunk_collective_fill Also updated - RELEASE.txt for the chunk query functions and removed some blank lines in - chunk_info.c. Platforms tested: Linux/64 (jelly) Linux/64 (platypus) - Darwin (osx1010test) - ---- - src/H5Dchunk.c | 20 +++++++++++++++++++- - 1 file changed, 19 insertions(+), 1 deletion(-) - -diff --git a/src/H5Dchunk.c b/src/H5Dchunk.c -index 021335f..1dc7a25 100644 ---- a/src/H5Dchunk.c -+++ b/src/H5Dchunk.c -@@ -1380,6 +1380,9 @@ H5D__create_chunk_map_single(H5D_chunk_map_t *fm, const H5D_io_info_t - - /* Set chunk location & hyperslab size */ - for(u = 0; u < fm->f_ndims; u++) { -+ /* Validate this chunk dimension */ -+ if(fm->layout->u.chunk.dim[u] == 0) -+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", u) - HDassert(sel_start[u] == sel_end[u]); - chunk_info->coords[u] = (sel_start[u] / fm->layout->u.chunk.dim[u]) * fm->layout->u.chunk.dim[u]; - } /* end for */ -@@ -1465,6 +1468,9 @@ H5D__create_chunk_file_map_hyper(H5D_chunk_map_t *fm, const H5D_io_info_t - - /* Set initial chunk location & hyperslab size */ - for(u = 0; u < fm->f_ndims; u++) { -+ /* Validate this chunk dimension */ -+ if(fm->layout->u.chunk.dim[u] == 0) -+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", u) - start_coords[u] = (sel_start[u] / fm->layout->u.chunk.dim[u]) * fm->layout->u.chunk.dim[u]; - coords[u] = start_coords[u]; - end[u] = (coords[u] + fm->chunk_dim[u]) - 1; -@@ -3595,6 +3601,9 @@ H5D__chunk_allocate(const H5D_t *dset, hid_t dxpl_id, hbool_t full_overwrite, - * that we assume here that all elements of space_dim are > 0. This is - * checked at the top of this function */ - for(op_dim=0; op_dim 0, dim = %u ", op_dim) - min_unalloc[op_dim] = ((old_dim[op_dim] + chunk_dim[op_dim] - 1) - / chunk_dim[op_dim]) * chunk_dim[op_dim]; - max_unalloc[op_dim] = ((space_dim[op_dim] - 1) / chunk_dim[op_dim]) -@@ -3865,6 +3874,8 @@ H5D__chunk_collective_fill(const H5D_t *dset, hid_t dxpl_id, - HGOTO_ERROR(H5E_PLIST, H5E_CANTCOPY, FAIL, "can't copy property list") - - /* Distribute evenly the number of blocks between processes. */ -+ if(mpi_size == 0) -+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "Resulted in division by zero") - num_blocks = chunk_info->num_io / mpi_size; /* value should be the same on all procs */ - - /* after evenly distributing the blocks between processes, are -@@ -4324,6 +4335,10 @@ H5D__chunk_prune_by_extent(H5D_t *dset, hid_t dxpl_id, const hsize_t *old_dim) - HDmemset(min_mod_chunk_off, 0, sizeof(min_mod_chunk_off)); - HDmemset(max_mod_chunk_off, 0, sizeof(max_mod_chunk_off)); - for(op_dim = 0; op_dim < space_ndims; op_dim++) { -+ /* Validate this chunk dimension */ -+ if(chunk_dim[op_dim] == 0) -+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "chunk size must be > 0, dim = %u ", op_dim) -+ - /* Calculate the largest offset of chunks that might need to be - * modified in this dimension */ - max_mod_chunk_off[op_dim] = chunk_dim[op_dim] * ((old_dim[op_dim] - 1) -@@ -4929,9 +4944,12 @@ H5D__chunk_copy_cb(const H5D_chunk_rec_t *chunk_rec, void *_udata) - /* (background buffer has already been zeroed out, if not expanding) */ - if(udata->cpy_info->expand_ref) { - size_t ref_count; -+ size_t dt_size; - - /* Determine # of reference elements to copy */ -- ref_count = nbytes / H5T_get_size(udata->dt_src); -+ if((dt_size = H5T_get_size(udata->dt_src)) == 0) -+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, FAIL, "size must not be 0") -+ ref_count = nbytes / dt_size; - - /* Copy the reference elements */ - if(H5O_copy_expand_ref(udata->file_src, buf, udata->idx_info_dst->dxpl_id, udata->idx_info_dst->f, bkg, ref_count, H5T_get_ref_type(udata->dt_src), udata->cpy_info) < 0) --- -2.23.0 - diff --git a/CVE-2018-17234.patch b/CVE-2018-17234.patch deleted file mode 100644 index 31d893793315af7a03d8cad1791c3cb81b8b9354..0000000000000000000000000000000000000000 --- a/CVE-2018-17234.patch +++ /dev/null @@ -1,84 +0,0 @@ -From f4138013dbc6851e968ea3d37b32776538ef306b Mon Sep 17 00:00:00 2001 -From: Binh-Minh Ribler -Date: Tue, 15 Jan 2019 13:07:22 -0600 -Subject: [PATCH] Fixed HDFFV-10578 - -Description: - - HDFFV-10578 - CVE-2018-17234 Memory leak in H5O__chunk_deserialize() - Actually, the leak was in h5tools_util. Applied Neil's fix. - - Changed an assert to if/HGOTO_ERROR to fail gracefully. -Platforms tested: - Linux/64 (jelly) - Linux/64 (platypus) - Darwin (osx1010test) ---- - src/H5Ocache.c | 3 ++- - src/H5VM.c | 2 +- - tools/lib/h5tools_utils.c | 17 ++++++++++++++++- - 3 files changed, 19 insertions(+), 3 deletions(-) - -diff --git a/src/H5Ocache.c b/src/H5Ocache.c -index ebae3f5..454b287 100644 ---- a/src/H5Ocache.c -+++ b/src/H5Ocache.c -@@ -1116,7 +1116,8 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image, - - /* Message size */ - UINT16DECODE(p, mesg_size); -- HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size)); -+ if(mesg_size != H5O_ALIGN_OH(oh, mesg_size)) -+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned") - - /* Message flags */ - flags = *p++; -diff --git a/src/H5VM.c b/src/H5VM.c -index 4e48001..db6362c 100644 ---- a/src/H5VM.c -+++ b/src/H5VM.c -@@ -1503,7 +1503,7 @@ done: - * - * Purpose: Given source and destination buffers in memory (SRC & DST) - * copy sequences of from the source buffer into the destination -- * buffer. Each set of sequnces has an array of lengths, an -+ * buffer. Each set of sequences has an array of lengths, an - * array of offsets, the maximum number of sequences and the - * current sequence to start at in the sequence. - * -diff --git a/tools/lib/h5tools_utils.c b/tools/lib/h5tools_utils.c -index 3f66ef6..2e19bfa 100644 ---- a/tools/lib/h5tools_utils.c -+++ b/tools/lib/h5tools_utils.c -@@ -562,6 +562,8 @@ herr_t - init_objs(hid_t fid, find_objs_t *info, table_t **group_table, - table_t **dset_table, table_t **type_table) - { -+ herr_t ret_value = SUCCEED; -+ - /* Initialize the tables */ - init_table(group_table); - init_table(dset_table); -@@ -574,7 +576,20 @@ init_objs(hid_t fid, find_objs_t *info, table_t **group_table, - info->dset_table = *dset_table; - - /* Find all shared objects */ -- return(h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info)); -+ if((ret_value = h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info)) <0) -+ HGOTO_ERROR(FAIL, H5E_tools_min_id_g, "finding shared objects failed") -+ -+done: -+ /* Release resources */ -+ if(ret_value < 0) { -+ free_table(*group_table); -+ info->group_table = NULL; -+ free_table(*type_table); -+ info->type_table = NULL; -+ free_table(*dset_table); -+ info->dset_table = NULL; -+ } -+ return ret_value; - } - - --- -2.23.0 - diff --git a/CVE-2018-17237.patch b/CVE-2018-17237.patch deleted file mode 100644 index 51d78e942bc3f3fb5af109528aa87af3bd90664a..0000000000000000000000000000000000000000 --- a/CVE-2018-17237.patch +++ /dev/null @@ -1,247 +0,0 @@ -From 4e31361dad4add06792b652dbe5b97e501f9031d Mon Sep 17 00:00:00 2001 -From: Songyu Lu -Date: Tue, 12 Feb 2019 13:48:49 -0600 -Subject: [PATCH] I'm bringing the fixes for the following Jira issues from the - develop branch to 1.10 branch: HDFFV-10571: Divided by Zero vulnerability. - HDFFV-10601: Issues with chunk cache hash value calcuation. HDFFV-10607: - Patches for warnings in the core libraries. HDFFV-10635: HDF5 library - segmentation fault with H5Sselect_element. - ---- - src/H5Dchunk.c | 3 ++ - src/H5HG.c | 8 +++- - src/H5Olayout.c | 8 +++- - src/H5RS.c | 4 +- - src/H5RSprivate.h | 2 +- - test/tvlstr.c | 102 ++++++++++++++++++++++++++++++++++++++++++++++ - 6 files changed, 122 insertions(+), 5 deletions(-) - -diff --git a/src/H5Dchunk.c b/src/H5Dchunk.c -index 021335f..6183ad8 100644 ---- a/src/H5Dchunk.c -+++ b/src/H5Dchunk.c -@@ -641,6 +641,9 @@ H5D__chunk_set_info_real(H5O_layout_chunk_t *layout, unsigned ndims, const hsize - - /* Compute the # of chunks in dataset dimensions */ - for(u = 0, layout->nchunks = 1; u < ndims; u++) { -+ /* Sanity check */ -+ HDassert(layout->dim[u] > 0); -+ - /* Round up to the next integer # of chunks, to accomodate partial chunks */ - layout->chunks[u] = ((curr_dims[u] + layout->dim[u]) - 1) / layout->dim[u]; - -diff --git a/src/H5HG.c b/src/H5HG.c -index 194e4eb..e07ca0e 100644 ---- a/src/H5HG.c -+++ b/src/H5HG.c -@@ -757,7 +757,13 @@ H5HG_remove (H5F_t *f, hid_t dxpl_id, H5HG_t *hobj) - HGOTO_ERROR(H5E_HEAP, H5E_CANTPROTECT, FAIL, "unable to protect global heap") - - HDassert(hobj->idx < heap->nused); -- HDassert(heap->obj[hobj->idx].begin); -+ /* When the application selects the same location to rewrite the VL element by using H5Sselect_elements, -+ * it can happen that the entry has been removed by first rewrite. Here we simply skip the removal of -+ * the entry and let the second rewrite happen (see HDFFV-10635). In the future, it'd be nice to handle -+ * this situation in H5T_conv_vlen in H5Tconv.c instead of this level (HDFFV-10648). */ -+ if(heap->obj[hobj->idx].nrefs == 0 && heap->obj[hobj->idx].size == 0 && !heap->obj[hobj->idx].begin) -+ HGOTO_DONE(ret_value) -+ - obj_start = heap->obj[hobj->idx].begin; - /* Include object header size */ - need = H5HG_ALIGN(heap->obj[hobj->idx].size) + H5HG_SIZEOF_OBJHDR(f); -diff --git a/src/H5Olayout.c b/src/H5Olayout.c -index 17385c2..3bbee12 100644 ---- a/src/H5Olayout.c -+++ b/src/H5Olayout.c -@@ -223,9 +223,15 @@ H5O_layout_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED * - H5F_addr_decode(f, &p, &(mesg->storage.u.chunk.idx_addr)); - - /* Chunk dimensions */ -- for(u = 0; u < mesg->u.chunk.ndims; u++) -+ for(u = 0; u < mesg->u.chunk.ndims; u++) { - UINT32DECODE(p, mesg->u.chunk.dim[u]); - -+ /* Just in case that something goes very wrong, such as file corruption. */ -+ if(mesg->u.chunk.dim[u] == 0) -+ HGOTO_ERROR(H5E_DATASET, H5E_BADVALUE, NULL, "chunk dimension must be positive: mesg->u.chunk.dim[%u] = %u", -+ u, mesg->u.chunk.dim[u]) -+ } /* end for */ -+ - /* Compute chunk size */ - for(u = 1, mesg->u.chunk.size = mesg->u.chunk.dim[0]; u < mesg->u.chunk.ndims; u++) - mesg->u.chunk.size *= mesg->u.chunk.dim[u]; -diff --git a/src/H5RS.c b/src/H5RS.c -index 0a3fff0..ae500c5 100644 ---- a/src/H5RS.c -+++ b/src/H5RS.c -@@ -137,7 +137,7 @@ done: - REVISION LOG - --------------------------------------------------------------------------*/ - H5RS_str_t * --H5RS_wrap(char *s) -+H5RS_wrap(const char *s) - { - H5RS_str_t *ret_value; /* Return value */ - -@@ -148,7 +148,7 @@ H5RS_wrap(char *s) - HGOTO_ERROR(H5E_RS, H5E_NOSPACE, NULL, "memory allocation failed") - - /* Set the internal fields */ -- ret_value->s = s; -+ ret_value->s = (char *)s; - ret_value->wrapped = 1; - ret_value->n = 1; - -diff --git a/src/H5RSprivate.h b/src/H5RSprivate.h -index f69624a..1d26a18 100644 ---- a/src/H5RSprivate.h -+++ b/src/H5RSprivate.h -@@ -44,7 +44,7 @@ typedef struct H5RS_str_t H5RS_str_t; - /* Private routines */ - /********************/ - H5_DLL H5RS_str_t *H5RS_create(const char *s); --H5_DLL H5RS_str_t *H5RS_wrap(char *s); -+H5_DLL H5RS_str_t *H5RS_wrap(const char *s); - H5_DLL H5RS_str_t *H5RS_own(char *s); - H5_DLL herr_t H5RS_decr(H5RS_str_t *rs); - H5_DLL herr_t H5RS_incr(H5RS_str_t *rs); -diff --git a/test/tvlstr.c b/test/tvlstr.c -index e5b2a60..bb860a2 100644 ---- a/test/tvlstr.c -+++ b/test/tvlstr.c -@@ -25,10 +25,14 @@ - - #define DATAFILE "tvlstr.h5" - #define DATAFILE2 "tvlstr2.h5" -+#define DATAFILE3 "sel2el.h5" -+ -+#define DATASET "1Darray" - - /* 1-D dataset with fixed dimensions */ - #define SPACE1_RANK 1 - #define SPACE1_DIM1 4 -+#define NUMP 4 - - #define VLSTR_TYPE "vl_string_type" - -@@ -846,6 +850,101 @@ static void test_vl_rewrite(void) - return; - } /* end test_vl_rewrite() */ - -+/**************************************************************** -+ ** -+ ** test_write_same_element(): -+ ** Tests writing to the same element of VL string using -+ ** H5Sselect_element. -+ ** -+ ****************************************************************/ -+static void test_write_same_element(void) -+{ -+ hid_t file1, dataset1; -+ hid_t mspace, fspace, dtype; -+ hsize_t fdim[] = {SPACE1_DIM1}; -+ char *val[SPACE1_DIM1] = {"But", "reuniting", "is a", "great joy"}; -+ hsize_t marray[] = {NUMP}; -+ hsize_t coord[SPACE1_RANK][NUMP]; -+ herr_t ret; -+ -+ char *wdata[SPACE1_DIM1] = {"Parting", "is such a", "sweet", "sorrow."}; -+ -+ file1 = H5Fcreate(DATAFILE3, H5F_ACC_TRUNC, H5P_DEFAULT, H5P_DEFAULT); -+ CHECK(file1, FAIL, "H5Fcreate"); -+ -+ dtype = H5Tcopy(H5T_C_S1); -+ CHECK(dtype, FAIL, "H5Tcopy"); -+ -+ ret = H5Tset_size(dtype, H5T_VARIABLE); -+ CHECK(ret, FAIL, "H5Tset_size"); -+ -+ fspace = H5Screate_simple(SPACE1_RANK, fdim, NULL); -+ CHECK(fspace, FAIL, "H5Screate_simple"); -+ -+ dataset1 = H5Dcreate(file1, DATASET, dtype, fspace, H5P_DEFAULT, -+ H5P_DEFAULT, H5P_DEFAULT); -+ CHECK(dataset1, FAIL, "H5Dcreate"); -+ -+ ret = H5Dwrite(dataset1, dtype, H5S_ALL, H5S_ALL, H5P_DEFAULT, wdata); -+ CHECK(ret, FAIL, "H5Dwrite"); -+ -+ ret = H5Dclose(dataset1); -+ CHECK(ret, FAIL, "H5Dclose"); -+ -+ ret = H5Tclose(dtype); -+ CHECK(ret, FAIL, "H5Tclose"); -+ -+ ret = H5Sclose(fspace); -+ CHECK(ret, FAIL, "H5Sclose"); -+ -+ ret = H5Fclose(file1); -+ CHECK(ret, FAIL, "H5Fclose"); -+ -+ /* -+ * Open the file. Select the same points, write values to those point locations. -+ */ -+ file1 = H5Fopen(DATAFILE3, H5F_ACC_RDWR, H5P_DEFAULT); -+ CHECK(file1, FAIL, "H5Fopen"); -+ -+ dataset1 = H5Dopen(file1, DATASET, H5P_DEFAULT); -+ CHECK(dataset1, FAIL, "H5Dopen"); -+ -+ fspace = H5Dget_space(dataset1); -+ CHECK(fspace, FAIL, "H5Dget_space"); -+ -+ dtype = H5Dget_type(dataset1); -+ CHECK(dtype, FAIL, "H5Dget_type"); -+ -+ mspace = H5Screate_simple(1, marray, NULL); -+ CHECK(mspace, FAIL, "H5Screate_simple"); -+ -+ coord[0][0] = 0; -+ coord[0][1] = 2; -+ coord[0][2] = 2; -+ coord[0][3] = 0; -+ -+ ret = H5Sselect_elements(fspace, H5S_SELECT_SET, NUMP, (const hsize_t *)&coord); -+ CHECK(ret, FAIL, "H5Sselect_elements"); -+ -+ ret = H5Dwrite(dataset1, dtype, mspace, fspace, H5P_DEFAULT, val); -+ CHECK(ret, FAIL, "H5Dwrite"); -+ -+ ret = H5Tclose(dtype); -+ CHECK(ret, FAIL, "H5Tclose"); -+ -+ ret = H5Dclose(dataset1); -+ CHECK(ret, FAIL, "H5Dclose"); -+ -+ ret = H5Sclose(fspace); -+ CHECK(ret, FAIL, "H5Dclose"); -+ -+ ret = H5Sclose(mspace); -+ CHECK(ret, FAIL, "H5Sclose"); -+ -+ ret = H5Fclose(file1); -+ CHECK(ret, FAIL, "H5Fclose"); -+} /* test_write_same_element */ -+ - /**************************************************************** - ** - ** test_vlstrings(): Main VL string testing routine. -@@ -870,6 +969,8 @@ test_vlstrings(void) - - /* Test writing VL datasets in files with lots of unlinking */ - test_vl_rewrite(); -+ /* Test writing to the same element more than once using H5Sselect_elements */ -+ test_write_same_element(); - } /* test_vlstrings() */ - - -@@ -892,5 +993,6 @@ cleanup_vlstrings(void) - { - HDremove(DATAFILE); - HDremove(DATAFILE2); -+ HDremove(DATAFILE3); - } - --- -2.23.0 - diff --git a/CVE-2018-17432.patch b/CVE-2018-17432.patch deleted file mode 100644 index a3e583667772f108c162c18d838bc68efa35b6c0..0000000000000000000000000000000000000000 --- a/CVE-2018-17432.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 7bfa10018ecf5efe54b4a699bb684d31468c8b42 Mon Sep 17 00:00:00 2001 -From: Binh-Minh Ribler -Date: Mon, 26 Oct 2020 08:36:27 -0500 -Subject: [PATCH] Fix HDFFV-10590 - -Description - This is to fix the CVE issue CVE-2018-17432. - h5repack produced a segfault on a corrupted file. This fix modified -the - dataspace encode and decode functions per Quincey's suggestion to -prevent - the segfault. h5repack only failed for the corrupted file now. -Platforms tested: - Linux/64 (jelly) - ---- - src/H5Osdspace.c | 23 +- - 1 files changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/H5Osdspace.c b/src/H5Osdspace.c -index 627ea190a3..6e34960d87 100644 ---- a/src/H5Osdspace.c -+++ b/src/H5Osdspace.c -@@ -143,8 +143,11 @@ H5O_sdspace_decode(H5F_t *f, hid_t H5_ATTR_UNUSED dxpl_id, H5O_t H5_ATTR_UNUSED - flags = *p++; - - /* Get or determine the type of the extent */ -- if(version >= H5O_SDSPACE_VERSION_2) -+ if(version >= H5O_SDSPACE_VERSION_2) { - sdim->type = (H5S_class_t)*p++; -+ if(sdim->type != H5S_SIMPLE && sdim->rank > 0) -+ HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "invalid rank for scalar or NULL dataspace") -+ } /* end if */ - else { - /* Set the dataspace type to be simple or scalar as appropriate */ - if(sdim->rank > 0) -@@ -267,14 +270,16 @@ H5O_sdspace_encode(H5F_t *f, uint8_t *p, const void *_mesg) - *p++ = 0; /*reserved*/ - } /* end else */ - -- /* Current & maximum dimensions */ -- if(sdim->rank > 0) { -- for(u = 0; u < sdim->rank; u++) -- H5F_ENCODE_LENGTH(f, p, sdim->size[u]); -- if(flags & H5S_VALID_MAX) { -- for(u = 0; u < sdim->rank; u++) -- H5F_ENCODE_LENGTH(f, p, sdim->max[u]); -- } /* end if */ -+ /* Encode dataspace dimensions for simple dataspaces */ -+ if(H5S_SIMPLE == sdim->type) { -+ /* Encode current & maximum dimensions */ -+ if(sdim->rank > 0) { -+ for(u = 0; u < sdim->rank; u++) -+ H5F_ENCODE_LENGTH(f, p, sdim->size[u]); -+ if(flags & H5S_VALID_MAX) -+ for(u = 0; u < sdim->rank; u++) -+ H5F_ENCODE_LENGTH(f, p, sdim->max[u]); -+ } /* end if */ - } /* end if */ - - FUNC_LEAVE_NOAPI(SUCCEED) diff --git a/CVE-2018-17434-CVE-2018-17437.patch b/CVE-2018-17434-CVE-2018-17437.patch deleted file mode 100644 index b57c6968ddb8af6880c13f4a1e2115364712cb33..0000000000000000000000000000000000000000 --- a/CVE-2018-17434-CVE-2018-17437.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 02d03b4624122955ee3de635699a4e3880fea377 Mon Sep 17 00:00:00 2001 -From: Binh-Minh Ribler -Date: Wed, 30 Jan 2019 20:04:30 -0600 -Subject: [PATCH] Fixed HDFFV-10586, HDFFV-10588, and HDFFV-10684 - -Description: - HDFFV-10586 CVE-2018-17434 Divide by zero in h5repack_filters - Added a check for zero value - HDFFV-10588 CVE-2018-17437 Memory leak in H5O_dtype_decode_helper - This is actually an Invalid read issue. It was found that the - attribute name length in an attribute message was corrupted, - which caused the buffer pointer to be advanced too far and later - caused an invalid read. - Added a check to detect attribute name and its length mismatch. The - fix does not cover all cases, but it'll reduce the chance of this issue - when a name length is corrupted or the attribute name is corrupted. - HDFFV-10684 H5Ewalk does not stop until all errors in the stack are visited - The test for HDFFV-10588 has revealed a bug in H5Ewalk. - H5Ewalk did not stop midway even when the call back function returns - H5_ITER_STOP. This is because a condition is missing from the for - loops in H5E__walk causing the callback functions unable to stop until - all the errors in the stack are iterated. Quincey advised on the final - fix. In this fix, "status" is switched to "ret_value" and HGOTO_ERROR - to HERROR, and the for loops won't continue when "ret_value" is not 0. -Platforms tested: - Linux/64 (jelly) - Linux/64 (platypus) - Darwin (osx1011test) ---- - src/H5E.c | 6 ++--- - src/H5Eint.c | 37 ++++++++++++++----------------- - src/H5Oattr.c | 5 +++++ - tools/h5repack/h5repack_filters.c | 6 +++-- - 4 files changed, 29 insertions(+), 25 deletions(-) - -diff --git a/src/H5E.c b/src/H5E.c -index a94c5bc..e8da166 100644 ---- a/src/H5E.c -+++ b/src/H5E.c -@@ -1471,7 +1471,7 @@ done: - * - * Purpose: Prints the error stack in some default way. This is just a - * convenience function for H5Ewalk() with a function that -- * prints error messages. Users are encouraged to write there -+ * prints error messages. Users are encouraged to write their - * own more specific error handlers. - * - * Return: Non-negative on success/Negative on failure -@@ -1553,8 +1553,8 @@ H5Ewalk2(hid_t err_stack, H5E_direction_t direction, H5E_walk2_t stack_func, voi - /* Walk the error stack */ - op.vers = 2; - op.u.func2 = stack_func; -- if(H5E_walk(estack, direction, &op, client_data) < 0) -- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack") -+ if((ret_value = H5E_walk(estack, direction, &op, client_data)) < 0) -+ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack"); - - done: - FUNC_LEAVE_API(ret_value) -diff --git a/src/H5Eint.c b/src/H5Eint.c -index 636866b..85edb90 100644 ---- a/src/H5Eint.c -+++ b/src/H5Eint.c -@@ -442,13 +442,13 @@ done: - /*------------------------------------------------------------------------- - * Function: H5E_print - * -- * Purpose: Private function to print the error stack in some default -+ * Purpose: Private function to print the error stack in some default - * way. This is just a convenience function for H5Ewalk() and - * H5Ewalk2() with a function that prints error messages. -- * Users are encouraged to write there own more specific error -+ * Users are encouraged to write their own more specific error - * handlers. - * -- * Return: Non-negative on success/Negative on failure -+ * Return: Non-negative on success/Negative on failure - * - * Programmer: Robb Matzke - * Friday, February 27, 1998 -@@ -533,9 +533,8 @@ herr_t - H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op, - void *client_data) - { -- int i; /* Local index variable */ -- herr_t status; /* Status from callback function */ -- herr_t ret_value = SUCCEED; /* Return value */ -+ int i; /* Local index variable */ -+ herr_t ret_value = H5_ITER_CONT; /* Return value */ - - FUNC_ENTER_NOAPI_NOINIT - -@@ -553,9 +552,8 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op - if(op->u.func1) { - H5E_error1_t old_err; - -- status = SUCCEED; - if(H5E_WALK_UPWARD == direction) { -- for(i = 0; i < (int)estack->nused && status >= 0; i++) { -+ for(i = 0; i < (int)estack->nused && ret_value == H5_ITER_CONT; i++) { - /* Point to each error record on the stack and pass it to callback function.*/ - old_err.maj_num = estack->slot[i].maj_num; - old_err.min_num = estack->slot[i].min_num; -@@ -564,12 +562,12 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op - old_err.desc = estack->slot[i].desc; - old_err.line = estack->slot[i].line; - -- status = (op->u.func1)(i, &old_err, client_data); -+ ret_value = (op->u.func1)(i, &old_err, client_data); - } /* end for */ - } /* end if */ - else { - H5_CHECK_OVERFLOW(estack->nused - 1, size_t, int); -- for(i = (int)(estack->nused - 1); i >= 0 && status >= 0; i--) { -+ for(i = (int)(estack->nused - 1); i >= 0 && ret_value == H5_ITER_CONT; i--) { - /* Point to each error record on the stack and pass it to callback function.*/ - old_err.maj_num = estack->slot[i].maj_num; - old_err.min_num = estack->slot[i].min_num; -@@ -578,12 +576,12 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op - old_err.desc = estack->slot[i].desc; - old_err.line = estack->slot[i].line; - -- status = (op->u.func1)((int)(estack->nused - (size_t)(i + 1)), &old_err, client_data); -+ ret_value = (op->u.func1)((int)(estack->nused - (size_t)(i + 1)), &old_err, client_data); - } /* end for */ - } /* end else */ - -- if(status < 0) -- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack") -+ if(ret_value < 0) -+ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack"); - } /* end if */ - #else /* H5_NO_DEPRECATED_SYMBOLS */ - HDassert(0 && "version 1 error stack walk without deprecated symbols!"); -@@ -592,19 +590,18 @@ H5E_walk(const H5E_t *estack, H5E_direction_t direction, const H5E_walk_op_t *op - else { - HDassert(op->vers == 2); - if(op->u.func2) { -- status = SUCCEED; - if(H5E_WALK_UPWARD == direction) { -- for(i = 0; i < (int)estack->nused && status >= 0; i++) -- status = (op->u.func2)((unsigned)i, estack->slot + i, client_data); -+ for(i = 0; i < (int)estack->nused && ret_value == H5_ITER_CONT; i++) -+ ret_value = (op->u.func2)((unsigned)i, estack->slot + i, client_data); - } /* end if */ - else { - H5_CHECK_OVERFLOW(estack->nused - 1, size_t, int); -- for(i = (int)(estack->nused - 1); i >= 0 && status >= 0; i--) -- status = (op->u.func2)((unsigned)(estack->nused - (size_t)(i + 1)), estack->slot + i, client_data); -+ for(i = (int)(estack->nused - 1); i >= 0 && ret_value == H5_ITER_CONT; i--) -+ ret_value = (op->u.func2)((unsigned)(estack->nused - (size_t)(i + 1)), estack->slot + i, client_data); - } /* end else */ - -- if(status < 0) -- HGOTO_ERROR(H5E_ERROR, H5E_CANTLIST, FAIL, "can't walk error stack") -+ if(ret_value < 0) -+ HERROR(H5E_ERROR, H5E_CANTLIST, "can't walk error stack"); - } /* end if */ - } /* end else */ - -diff --git a/src/H5Oattr.c b/src/H5Oattr.c -index 149f04a..a8d2a31 100644 ---- a/src/H5Oattr.c -+++ b/src/H5Oattr.c -@@ -175,6 +175,11 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED - /* Decode and store the name */ - if(NULL == (attr->shared->name = H5MM_strdup((const char *)p))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") -+ -+ /* Make an attempt to detect corrupted name or name length - HDFFV-10588 */ -+ if(name_len != (HDstrlen(attr->shared->name) + 1)) -+ HGOTO_ERROR(H5E_ATTR, H5E_CANTDECODE, NULL, "attribute name has different length than stored length") -+ - if(attr->shared->version < H5O_ATTR_VERSION_2) - p += H5O_ALIGN_OLD(name_len); /* advance the memory pointer */ - else -diff --git a/tools/h5repack/h5repack_filters.c b/tools/h5repack/h5repack_filters.c -index 523f81a..1eea3e9 100644 ---- a/tools/h5repack/h5repack_filters.c -+++ b/tools/h5repack/h5repack_filters.c -@@ -333,12 +333,14 @@ int apply_filters(const char* name, /* object name from traverse list */ - - sm_nbytes = msize; - for (i = rank; i > 0; --i) { -- hsize_t size = H5TOOLS_BUFSIZE / sm_nbytes; -+ hsize_t size = 0; -+ if(sm_nbytes == 0) -+ HGOTO_ERROR(FAIL, H5E_tools_min_id_g, "number of bytes per stripmine must be > 0"); -+ size = H5TOOLS_BUFSIZE / sm_nbytes; - if (size == 0) /* datum size > H5TOOLS_BUFSIZE */ - size = 1; - sm_size[i - 1] = MIN(dims[i - 1], size); - sm_nbytes *= sm_size[i - 1]; -- HDassert(sm_nbytes > 0); - } - - for (i = 0; i < rank; i++) { --- -2.23.0 - diff --git a/CVE-2018-17435.patch b/CVE-2018-17435.patch deleted file mode 100644 index f753fa2173b7ca49362f3b7c9834cdb4ded61824..0000000000000000000000000000000000000000 --- a/CVE-2018-17435.patch +++ /dev/null @@ -1,114 +0,0 @@ -From c12da4884f18dda4c9dbc23efd10eb053ec7cf0d Mon Sep 17 00:00:00 2001 -From: Binh-Minh Ribler -Date: Fri, 19 Jun 2020 10:53:32 -0500 -Subject: [PATCH] Fix HDFFV-10591 - -Description: - h52gif produced a segfault when a buffer overflow occurred because - the data size was corrupted and became very large. This commit -added - a check on the data size against the buffer size to prevent the -segfault. - It also added error reporting to h52gif to display an error message - instead of silently exiting when the failure occurred. -Platforms tested: - Linux/64 (jelly) - SunOS 5.11 (emu) - ---- - hl/src/H5IM.c | 3 ++- - hl/tools/gif2h5/hdf2gif.c | 19 +++++++++++++++---- - src/H5Oattr.c | 5 +++++ - 3 files changed, 22 insertions(+), 5 deletions(-) - -diff --git a/hl/src/H5IM.c b/hl/src/H5IM.c -index f76f029ae2..495f296625 100644 ---- a/hl/src/H5IM.c -+++ b/hl/src/H5IM.c -@@ -274,7 +274,8 @@ herr_t H5IMget_image_info( hid_t loc_id, - return -1; - - /* Try to find the attribute "INTERLACE_MODE" on the >>image<< dataset */ -- has_attr = H5LT_find_attribute(did, "INTERLACE_MODE"); -+ if ((has_attr = H5LT_find_attribute(did, "INTERLACE_MODE")) < 0) -+ goto out; - - /* It exists, get it */ - if(has_attr == 1) -diff --git a/hl/tools/gif2h5/hdf2gif.c b/hl/tools/gif2h5/hdf2gif.c -index ce9d8786f8..ec81194a71 100644 ---- a/hl/tools/gif2h5/hdf2gif.c -+++ b/hl/tools/gif2h5/hdf2gif.c -@@ -143,17 +143,22 @@ int main(int argc , char **argv) - goto out; - } - -- /* read image */ -+ /* get image's information */ - if ( H5IMget_image_info( fid, image_name, &width, &height, &planes, interlace, &npals ) < 0 ) -+ { -+ fprintf(stderr , "Unable to get information of the image. Aborting.\n"); - goto out; -+ } - -- if (width > IMAGE_WIDTH_MAX || height > IMAGE_HEIGHT_MAX){ -+ if (width > IMAGE_WIDTH_MAX || height > IMAGE_HEIGHT_MAX) -+ { - fprintf(stderr, "HDF5 image is too large. Limit is %d by %d.\n", IMAGE_WIDTH_MAX, IMAGE_HEIGHT_MAX); - goto out; - } - - /* tool can handle single plane images only. */ -- if (planes > 1){ -+ if (planes > 1) -+ { - fprintf(stderr, "Cannot handle multiple planes image\n"); - goto out; - } -@@ -161,12 +166,18 @@ int main(int argc , char **argv) - Image = (BYTE*) malloc( (size_t) width * (size_t) height ); - - if ( H5IMread_image( fid, image_name, Image ) < 0 ) -+ { -+ fprintf(stderr , "Unable to read the image. Aborting.\n"); - goto out; -+ } - - if (npals) - { - if ( H5IMget_palette_info( fid, image_name, 0, pal_dims ) < 0 ) -+ { -+ fprintf(stderr , "Unable to get information of the palette. Aborting.\n"); - goto out; -+ } - - pal = (BYTE*) malloc( (size_t) pal_dims[0] * (size_t) pal_dims[1] ); - -@@ -240,7 +251,7 @@ int main(int argc , char **argv) - if (j==i) - { - /* wasn't found */ -- pc2nc[i] = (BYTE)nc; -+ pc2nc[i] = (BYTE)nc; - r1[nc] = Red[i]; - g1[nc] = Green[i]; - b1[nc] = Blue[i]; -diff --git a/src/H5Oattr.c b/src/H5Oattr.c -index 882912155a..a13c944264 100644 ---- a/src/H5Oattr.c -+++ b/src/H5Oattr.c -@@ -225,6 +225,11 @@ H5O_attr_decode(H5F_t *f, hid_t dxpl_id, H5O_t *open_oh, unsigned H5_ATTR_UNUSED - - /* Go get the data */ - if(attr->shared->data_size) { -+ /* Ensure that data size doesn't exceed buffer size, in case of -+ it's being corrupted in the file */ -+ if(attr->shared->data_size > p_size) -+ HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, "data size exceeds buffer size") -+ - if(NULL == (attr->shared->data = H5FL_BLK_MALLOC(attr_buf, attr->shared->data_size))) - HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") - HDmemcpy(attr->shared->data, p, attr->shared->data_size); --- -2.23.0 - diff --git a/CVE-2018-17438.patch b/CVE-2018-17438.patch deleted file mode 100644 index ba973fd5585d269d809c285fcad2f4b74da0b154..0000000000000000000000000000000000000000 --- a/CVE-2018-17438.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 7add52ff4f2443357648d53d52add274d1b18b5f Mon Sep 17 00:00:00 2001 -From: Binh-Minh Ribler -Date: Wed, 20 Mar 2019 14:03:48 -0500 -Subject: [PATCH] Fixed HDFFV-10210 and HDFFV-10587 Description: - Added - parameter validation (HDFFV-10210) - Added detection of division by zero - (HDFFV-10587 - CVE-2018-17438) - Fixed typos in various tests Platforms - tested: Linux/64 (jelly) Linux/64 (platypus) Darwin (osx1011test) - ---- - src/H5Dselect.c | 2 ++ - src/H5I.c | 3 +++ - test/tid.c | 15 +++++++++++++++ - 3 files changed, 20 insertions(+) - -diff --git a/src/H5Dselect.c b/src/H5Dselect.c -index 7e86b9d..84cd849 100644 ---- a/src/H5Dselect.c -+++ b/src/H5Dselect.c -@@ -220,6 +220,8 @@ H5D__select_io(const H5D_io_info_t *io_info, size_t elmt_size, - - /* Decrement number of elements left to process */ - HDassert(((size_t)tmp_file_len % elmt_size) == 0); -+ if(elmt_size == 0) -+ HGOTO_ERROR(H5E_DATASPACE, H5E_BADVALUE, FAIL, "Resulted in division by zero") - nelmts -= ((size_t)tmp_file_len / elmt_size); - } /* end while */ - } /* end else */ -diff --git a/src/H5I.c b/src/H5I.c -index 2a4a38c..5cc8e69 100644 ---- a/src/H5I.c -+++ b/src/H5I.c -@@ -406,6 +406,9 @@ H5Itype_exists(H5I_type_t type) - FUNC_ENTER_API(FAIL) - H5TRACE1("t", "It", type); - -+ if(H5I_IS_LIB_TYPE(type)) -+ HGOTO_ERROR(H5E_ATOM, H5E_BADGROUP, FAIL, "cannot call public function on library type") -+ - if(type <= H5I_BADID || type >= H5I_next_type) - HGOTO_ERROR(H5E_ARGS, H5E_BADRANGE, FAIL, "invalid type number") - -diff --git a/test/tid.c b/test/tid.c -index c98514b..aca32fd 100644 ---- a/test/tid.c -+++ b/test/tid.c -@@ -224,6 +224,21 @@ static int basic_id_test(void) - goto out; - H5E_END_TRY - -+ /* Test that H5Itype_exists cannot be called on library types because -+ * it is a public function -+ */ -+ H5E_BEGIN_TRY -+ err = H5Itype_exists(H5I_GROUP); -+ if(err >= 0) -+ goto out; -+ H5E_END_TRY -+ -+ H5E_BEGIN_TRY -+ err = H5Itype_exists(H5I_ATTR); -+ if(err >= 0) -+ goto out; -+ H5E_END_TRY -+ - return 0; - - out: --- -2.23.0 - diff --git a/CVE-2019-8396.patch b/CVE-2019-8396.patch new file mode 100644 index 0000000000000000000000000000000000000000..8cba0d6cf07ac2d9372ba3e556a98f610351529f --- /dev/null +++ b/CVE-2019-8396.patch @@ -0,0 +1,92 @@ +From 8e5d36c7465699671b89023f752a378f5ee8b7cb Mon Sep 17 00:00:00 2001 +From: starlet-dx <15929766099@163.com> +Date: Tue, 28 Mar 2023 17:31:29 +0800 +Subject: [PATCH 1/1] H5O__pline_decode() Make more resilient to out-of-bounds read (#2210) + +Malformed hdf5 files may have trunkated content which does not match the expected size. When this function attempts to decode these it may read past the end of the allocated space leading to heap overflows as bounds checking is incomplete. +Make sure each element is within bounds before reading. + +This fixes CVE-2019-8396 / HDFFV-10712 / github bug #2209. + +Signed-off-by: Egbert Eich + +Signed-off-by: Egbert Eich +--- + src/H5Opline.c | 17 +++++++++++++++-- + src/H5private.h | 3 +++ + 2 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/src/H5Opline.c b/src/H5Opline.c +index 4b76da9..eacf81a 100644 +--- a/src/H5Opline.c ++++ b/src/H5Opline.c +@@ -110,6 +110,7 @@ H5FL_DEFINE(H5O_pline_t); + * + *------------------------------------------------------------------------- + */ ++ + static void * + H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, + unsigned H5_ATTR_UNUSED *ioflags, size_t p_size, const uint8_t *p) +@@ -131,6 +132,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign + HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, NULL, "memory allocation failed") + + /* Version */ ++ if (p + 4 - 1 > p_end) /* 4 byte is minimum for all versions */ ++ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, "ran off the end of the buffer: current p = %p, p_end = %p", ++ p + 4, p_end) + pline->version = *p++; + if (pline->version < H5O_PLINE_VERSION_1 || pline->version > H5O_PLINE_VERSION_LATEST) + HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "bad version number for filter pipeline message") +@@ -159,6 +163,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign + /* Decode filters */ + for (i = 0, filter = &pline->filter[0]; i < pline->nused; i++, filter++) { + /* Filter ID */ ++ if (p + 6 - 1 > p_end) /* 6 bytes minimum */ ++ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, ++ "ran off the end of the buffer: current p = %p, p_end = %p", p + 6, p_end) + UINT16DECODE(p, filter->id); + + /* Length of filter name */ +@@ -168,6 +175,9 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign + UINT16DECODE(p, name_length); + if (pline->version == H5O_PLINE_VERSION_1 && name_length % 8) + HGOTO_ERROR(H5E_PLINE, H5E_CANTLOAD, NULL, "filter name length is not a multiple of eight") ++ if (p + 4 - 1 > p_end) /* with name_length 4 bytes to go */ ++ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, ++ "ran off the end of the buffer: current p = %p, p_end = %p", p + 4, p_end) + } /* end if */ + + /* Filter flags */ +@@ -179,9 +189,12 @@ H5O__pline_decode(H5F_t H5_ATTR_UNUSED *f, H5O_t H5_ATTR_UNUSED *open_oh, unsign + /* Filter name, if there is one */ + if (name_length) { + size_t actual_name_length; /* Actual length of name */ +- ++ size_t len = (size_t)(p_end - p + 1); + /* Determine actual name length (without padding, but with null terminator) */ +- actual_name_length = HDstrlen((const char *)p) + 1; ++ actual_name_length = HDstrnlen((const char *)p, len); ++ if (actual_name_length == len) ++ HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, "filter name not null terminated") ++ actual_name_length += 1; /* include \0 byte */ + HDassert(actual_name_length <= name_length); + + /* Allocate space for the filter name, or use the internal buffer */ +diff --git a/src/H5private.h b/src/H5private.h +index 56ded14..58ccfef 100644 +--- a/src/H5private.h ++++ b/src/H5private.h +@@ -1444,6 +1444,9 @@ H5_DLL void HDsrand(unsigned int seed); + #ifndef HDstrlen + #define HDstrlen(S) strlen(S) + #endif /* HDstrlen */ ++#ifndef HDstrnlen ++#define HDstrnlen(S, L) strnlen(S, L) ++#endif + #ifndef HDstrncat + #define HDstrncat(X, Y, Z) strncat(X, Y, Z) + #endif /* HDstrncat */ +-- +2.30.0 + diff --git a/CVE-2020-10812.patch b/CVE-2020-10812.patch new file mode 100644 index 0000000000000000000000000000000000000000..f3ad1fe94c79c8b51ceb81e10dab5603890d66c2 --- /dev/null +++ b/CVE-2020-10812.patch @@ -0,0 +1,43 @@ +From: Egbert Eich +Date: Wed Oct 5 09:44:02 2022 +0200 +Subject: Hot fix for CVE-2020-10812 +Patch-mainline: Not yet +Git-repo: ssh://eich@192.168.122.1:/home/eich/sources/HPC/hdf5 +Git-commit: 2465fc41d208d57eb0d7d025286a81664148fbaf +References: + +CVE-2020-10812 unveils a more fundamental design flaw in H5F__dest(): +this function returns FAIL if one of multiple operations fail (in this +case H5AC_prep_for_file_close()) while it still proceeds to prepare the +close operation, free the 'shared' member in struct H5F_t and ulimately +deallocate the structure itself. +When H5F__dest() signals back FAIL to the caller, the caller itself +(H5F_try_close() in this case) will fail. This failure is signalled +up the stack, thus the file will not be considered closed and another +attempt will be made to close it - latest in the exit handler. +The next attempt to close will however need the already deallocated +H5F_t structure and the H5T_shared_t structure in its 'shared' member, +however. +This fix papers over the failure of H5AC_prep_for_file_close() by not +changing the return status of H5F__dest() to fail. There are numerous +other opportunities where this will happen. +This may call for a more fundamental solution. + +Signed-off-by: Egbert Eich +Signed-off-by: Egbert Eich +--- + src/H5Fint.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) +diff --git a/src/H5Fint.c b/src/H5Fint.c +index 9b5613972f..01faf33495 100644 +--- a/src/H5Fint.c ++++ b/src/H5Fint.c +@@ -1413,7 +1413,7 @@ H5F__dest(H5F_t *f, hbool_t flush) + */ + if (H5AC_prep_for_file_close(f) < 0) + /* Push error, but keep going */ +- HDONE_ERROR(H5E_FILE, H5E_CANTFLUSH, FAIL, "metadata cache prep for close failed") ++ HDONE_ERROR(H5E_FILE, H5E_CANTFLUSH, ret_value, "metadata cache prep for close failed") + + /* Flush at this point since the file will be closed (phase 2). + * Only try to flush the file if it was opened with write access, and if diff --git a/CVE-2021-37501.patch b/CVE-2021-37501.patch new file mode 100644 index 0000000000000000000000000000000000000000..11ac938a14b46bc765d8d9c1701cabee861eccf6 --- /dev/null +++ b/CVE-2021-37501.patch @@ -0,0 +1,66 @@ +From: Egbert Eich +Date: Sat Feb 11 13:54:17 2023 +0100 +Subject: Check for overflow when calculating on-disk attribute data size (#2459) +Patch-mainline: Not yet +Git-repo: https://github.com/HDFGroup/hdf5 +Git-commit: 0d026daa13a81be72495872f651c036fdc84ae5e +References: + +A bogus hdf5 file may contain dataspace messages with sizes +which lead to the on-disk data sizes to exceed what is addressable. +When calculating the size, make sure, the multiplication does not +overflow. +The test case was crafted in a way that the overflow caused the +size to be 0. + +This fixes CVE-2021-37501 / Bug #2458. + +Signed-off-by: Egbert Eich +Signed-off-by: Egbert Eich +--- + src/H5Oattr.c | 3 +++ + src/H5private.h | 18 ++++++++++++++++++ + 2 files changed, 21 insertions(+) +diff --git a/src/H5Oattr.c b/src/H5Oattr.c +index 4dee7aa187..3ef0b99aa4 100644 +--- a/src/H5Oattr.c ++++ b/src/H5Oattr.c +@@ -235,6 +235,9 @@ H5O_attr_decode(H5F_t *f, H5O_t *open_oh, unsigned H5_ATTR_UNUSED mesg_flags, un + + /* Compute the size of the data */ + H5_CHECKED_ASSIGN(attr->shared->data_size, size_t, ds_size * (hsize_t)dt_size, hsize_t); ++ H5_CHECK_MUL_OVERFLOW(attr->shared->data_size, ds_size, dt_size, ++ HGOTO_ERROR(H5E_RESOURCE, H5E_OVERFLOW, NULL, ++ "data size exceeds addressable range")) + + /* Go get the data */ + if (attr->shared->data_size) { +diff --git a/src/H5private.h b/src/H5private.h +index 931d7b9046..a115aee1a4 100644 +--- a/src/H5private.h ++++ b/src/H5private.h +@@ -1605,6 +1605,24 @@ H5_DLL int HDvasprintf(char **bufp, const char *fmt, va_list _ap); + #define H5_CHECK_OVERFLOW(var, vartype, casttype) + #endif /* NDEBUG */ + ++/* ++ * A macro for checking whether a multiplication has overflown ++ * r is assumed to be the result of a prior multiplication of a and b ++ */ ++#define H5_CHECK_MUL_OVERFLOW(r, a, b, err) \ ++ { \ ++ bool mul_overflow = false; \ ++ if (r != 0) { \ ++ if (r / a != b) \ ++ mul_overflow = true; \ ++ } else { \ ++ if (a != 0 && b != 0) \ ++ mul_overflow = true; \ ++ } \ ++ if (mul_overflow) \ ++ err \ ++ } ++ + /* + * A macro for detecting over/under-flow when assigning between types + */ diff --git a/fix-compile-error.patch b/fix-compile-error.patch deleted file mode 100644 index 247d0538f5df86148f91e03020b0777a227e64fc..0000000000000000000000000000000000000000 --- a/fix-compile-error.patch +++ /dev/null @@ -1,100 +0,0 @@ -From aa52644d1f9e5a1103e4f670b56074c4e46a04f2 Mon Sep 17 00:00:00 2001 -From: lrknox -Date: Fri, 11 May 2018 11:02:43 -0500 -Subject: [PATCH] Address compile errors and merge conflicts. - ---- - src/H5Abtree2.c | 2 +- - src/H5HFcache.c | 2 +- - src/H5Ocache.c | 4 ++-- - src/H5T.c | 8 +++----- - 4 files changed, 7 insertions(+), 8 deletions(-) - -diff --git a/src/H5Abtree2.c b/src/H5Abtree2.c -index 02fffce21c..318c60d750 100644 ---- a/src/H5Abtree2.c -+++ b/src/H5Abtree2.c -@@ -162,7 +162,7 @@ const H5B2_class_t H5A_BT2_CORDER[1]={{ /* B-tree class information */ - *------------------------------------------------------------------------- - */ - static herr_t --H5A__dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) -+H5A_dense_fh_name_cmp(const void *obj, size_t obj_len, void *_udata) - { - H5A_fh_ud_cmp_t *udata = (H5A_fh_ud_cmp_t *)_udata; /* User data for 'op' callback */ - H5A_t *attr = NULL; /* Pointer to attribute created from heap object */ -diff --git a/src/H5HFcache.c b/src/H5HFcache.c -index 319a865438..0d25dbf603 100644 ---- a/src/H5HFcache.c -+++ b/src/H5HFcache.c -@@ -384,7 +384,7 @@ H5HF_cache_hdr_load(H5F_t *f, hid_t dxpl_id, haddr_t addr, void *_udata) - UINT32DECODE(p, hdr->pline_root_direct_filter_mask); - - /* Decode I/O filter information */ -- if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, len, image))) -+ if(NULL == (pline = (H5O_pline_t *)H5O_msg_decode(hdr->f, udata->dxpl_id, NULL, H5O_PLINE_ID, hdr->filter_len, p))) - HGOTO_ERROR(H5E_HEAP, H5E_CANTDECODE, NULL, "can't decode I/O pipeline filters") - p += hdr->filter_len; - -diff --git a/src/H5Ocache.c b/src/H5Ocache.c -index ebae3f55bf..39f3ca330f 100644 ---- a/src/H5Ocache.c -+++ b/src/H5Ocache.c -@@ -1288,7 +1288,7 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image, - unsigned ioflags = 0; /* Flags for decode routine */ - - /* Decode continuation message */ -- cont = (H5O_cont_t *)(H5O_MSG_CONT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw); -+ cont = (H5O_cont_t *)(H5O_MSG_CONT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw_size, oh->mesg[curmesg].raw); - cont->chunkno = udata->cont_msg_info->nmsgs + 1; /*the next continuation message/chunk */ - - /* Save 'native' form of continuation message */ -@@ -1312,7 +1312,7 @@ H5O_chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image, - - /* Decode ref. count message */ - HDassert(oh->version > H5O_VERSION_1); -- refcount = (H5O_refcount_t *)(H5O_MSG_REFCOUNT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw); -+ refcount = (H5O_refcount_t *)(H5O_MSG_REFCOUNT->decode)(udata->f, udata->dxpl_id, NULL, 0, &ioflags, oh->mesg[curmesg].raw_size, oh->mesg[curmesg].raw); - - /* Save 'native' form of ref. count message */ - oh->mesg[curmesg].native = refcount; -diff --git a/src/H5T.c b/src/H5T.c -index 9eeb7db193..36b4c63001 100644 ---- a/src/H5T.c -+++ b/src/H5T.c -@@ -298,8 +298,6 @@ static herr_t H5T_unregister(H5T_pers_t pers, const char *name, H5T_t *src, - static herr_t H5T_register(H5T_pers_t pers, const char *name, H5T_t *src, - H5T_t *dst, H5T_conv_t func, hid_t dxpl_id, hbool_t api_call); - static htri_t H5T_compiler_conv(H5T_t *src, H5T_t *dst); --static herr_t H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc); --static H5T_t *H5T_decode(const unsigned char *buf); - static herr_t H5T_set_size(H5T_t *dt, size_t size); - - -@@ -2839,7 +2837,7 @@ H5Tdecode(const void *buf) - * - *------------------------------------------------------------------------- - */ --static herr_t -+herr_t - H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc) - { - size_t buf_size; /* Encoded size of datatype */ -@@ -2895,7 +2893,7 @@ H5T_encode(H5T_t *obj, unsigned char *buf, size_t *nalloc) - * - *------------------------------------------------------------------------- - */ --static H5T_t * -+H5T_t * - H5T_decode(size_t buf_size, const unsigned char *buf) - { - H5F_t *f = NULL; /* Fake file structure*/ -@@ -2916,7 +2914,7 @@ H5T_decode(size_t buf_size, const unsigned char *buf) - HGOTO_ERROR(H5E_DATATYPE, H5E_VERSION, NULL, "unknown version of encoded datatype") - - /* Decode the serialized datatype message */ -- if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_noio_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf))) -+ if(NULL == (ret_value = (H5T_t *)H5O_msg_decode(f, H5AC_ind_dxpl_id, NULL, H5O_DTYPE_ID, buf_size, buf))) - HGOTO_ERROR(H5E_DATATYPE, H5E_CANTDECODE, NULL, "can't decode object") - - /* Mark datatype as being in memory now */ diff --git a/hdf5-1.8.20.tar.bz2 b/hdf5-1.10.8.tar.bz2 similarity index 53% rename from hdf5-1.8.20.tar.bz2 rename to hdf5-1.10.8.tar.bz2 index 2ea1dddbb04da8b74f79ebe776745f994748d4bb..7cc18689f9f6486f2ef39d6baaef54aa5f6a76af 100644 Binary files a/hdf5-1.8.20.tar.bz2 and b/hdf5-1.10.8.tar.bz2 differ diff --git a/hdf5-LD_LIBRARY_PATH.patch b/hdf5-LD_LIBRARY_PATH.patch index 7d01278c8257a057aa10db80505c5a23351c1627..773149e19342f1369b7f27d4f510c49b9bdfb524 100644 --- a/hdf5-LD_LIBRARY_PATH.patch +++ b/hdf5-LD_LIBRARY_PATH.patch @@ -1,7 +1,8 @@ -diff -up hdf5-1.8.13/src/Makefile.am.LD_LIBRARY_PATH hdf5-1.8.13/src/Makefile.am ---- hdf5-1.8.13/src/Makefile.am.LD_LIBRARY_PATH 2014-05-05 20:13:01.000000000 -0600 -+++ hdf5-1.8.13/src/Makefile.am 2014-05-15 09:53:59.569476295 -0600 -@@ -128,8 +128,6 @@ settings_DATA=libhdf5.settings +Index: hdf5-1.10.8/src/Makefile.in +=================================================================== +--- hdf5-1.10.8.orig/src/Makefile.in ++++ hdf5-1.10.8/src/Makefile.in +@@ -1990,8 +1990,6 @@ help: # Remove the generated .c file if errors occur unless HDF5_Make_Ignore # is set to ignore the error. H5Tinit.c: H5detect$(EXEEXT) @@ -10,7 +11,7 @@ diff -up hdf5-1.8.13/src/Makefile.am.LD_LIBRARY_PATH hdf5-1.8.13/src/Makefile.am $(RUNSERIAL) ./H5detect$(EXEEXT) > $@ || \ (test $$HDF5_Make_Ignore && echo "*** Error ignored") || \ ($(RM) $@ ; exit 1) -@@ -140,8 +138,6 @@ H5Tinit.c: H5detect$(EXEEXT) +@@ -2002,8 +2000,6 @@ H5Tinit.c: H5detect$(EXEEXT) # Remove the generated .c file if errors occur unless HDF5_Make_Ignore # is set to ignore the error. H5lib_settings.c: H5make_libsettings$(EXEEXT) libhdf5.settings diff --git a/hdf5-ldouble-ppc64le.patch b/hdf5-ldouble-ppc64le.patch index dc97f6c7e246efea22590da406d1fa24a6aa7748..166c7de2cfa63de4b5a2789d9dc271d9b0cb248e 100644 --- a/hdf5-ldouble-ppc64le.patch +++ b/hdf5-ldouble-ppc64le.patch @@ -1,75 +1,79 @@ -diff -up hdf5-1.8.16/configure.ac.ldouble-ppc64le hdf5-1.8.16/configure.ac ---- hdf5-1.8.16/configure.ac.ldouble-ppc64le 2015-11-13 09:29:08.749125801 -0700 -+++ hdf5-1.8.16/configure.ac 2015-11-13 09:47:02.705174991 -0700 -@@ -2278,6 +2278,13 @@ else - unsigned char s2[8]; - int ret = 1; - +Index: hdf5-1.10.8/config/cmake/ConversionTests.c +=================================================================== +--- hdf5-1.10.8.orig/config/cmake/ConversionTests.c ++++ hdf5-1.10.8/config/cmake/ConversionTests.c +@@ -34,6 +34,14 @@ int HDF_NO_UBSAN main(void) + unsigned char s2[8]; + int ret = 1; + +#if defined __powerpc64__ && defined _LITTLE_ENDIAN + /* Don't bother checking on ppc64le, we know it'll work, and -+ * that what hdf5 calls 'special algorithm' simply is -+ * IBM ldouble 128 (i.e. two seperately scaled doubles). -+ * The check below assumes big endian. */ ++ that what hdf5 calls 'special algorithm' simply is ++ IBM ldouble 128 (i.e. two seperately scaled doubles). ++ The check below assumes big endian. */ + ret = 0; +#endif - if(sizeof(long double) == 16 && sizeof(long) == 8) { - /*make sure the long double type has 16 bytes in size and - * 11 bits of exponent. If it is, -@@ -2355,6 +2362,13 @@ else - unsigned char s[16]; - int flag=0, ret=1; - ++ + if(sizeof(long double) == 16 && sizeof(long) == 8) { + /*make sure the long double type has 16 bytes in size and + * 11 bits of exponent. If it is, +@@ -157,6 +165,14 @@ int HDF_NO_UBSAN main(void) + unsigned char s[16]; + int ret = 0; + +#if defined __powerpc64__ && defined _LITTLE_ENDIAN + /* Don't bother checking on ppc64le, we know it'll work, and -+ * that what hdf5 calls 'special algorithm' simply is -+ * IBM ldouble 128 (i.e. two seperately scaled doubles). -+ * The check below assumes big endian. */ ++ that what hdf5 calls 'special algorithm' simply is ++ IBM ldouble 128 (i.e. two seperately scaled doubles). ++ The check below assumes big endian. */ + ret = 0; +#endif - /*Determine if long double has 16 byte in size, 11 bit exponent, and - *the bias is 0x3ff */ - if(sizeof(long double) == 16) { -diff -up hdf5-1.8.16/configure.ldouble-ppc64le hdf5-1.8.16/configure -diff -up hdf5-1.8.16/test/dt_arith.c.ldouble-ppc64le hdf5-1.8.16/test/dt_arith.c ---- hdf5-1.8.16/test/dt_arith.c.ldouble-ppc64le 2015-10-23 23:13:43.000000000 -0600 -+++ hdf5-1.8.16/test/dt_arith.c 2015-11-13 09:29:08.765125707 -0700 -@@ -3010,7 +3010,18 @@ test_conv_flt_1 (const char *name, int r - buf, saved, nelmts); - #if H5_SIZEOF_LONG_DOUBLE!=H5_SIZEOF_DOUBLE && H5_SIZEOF_LONG_DOUBLE!=0 - } else if(src_type == FLT_LDOUBLE) { -- INIT_FP_SPECIAL(src_size, src_nbits, sendian, LDBL_MANT_DIG, dst_size, -+ size_t mant_dig = LDBL_MANT_DIG; -+ if (mant_dig >= src_nbits) { -+ /* This happens for IBM long double in little endian. -+ The macro LDBL_MANT_DIG says 106 mantissa bits, but the -+ HDF5 detection code actually represents it as a normal 64bit -+ double (52 bit mantissa) with the upper double being -+ unspec bits (which is sort of okay as the testsuite -+ wouldn't deal with that format correctly anyway). So -+ override the mantissa size. */ -+ mant_dig = 52; -+ } -+ INIT_FP_SPECIAL(src_size, src_nbits, sendian, mant_dig, dst_size, - buf, saved, nelmts); ++ + if(sizeof(long double) == 16) { + /*make sure the long double type is the same as the failing type + *which has 16 bytes in size and 11 bits of exponent. If it is, +Index: hdf5-1.10.8/test/dt_arith.c +=================================================================== +--- hdf5-1.10.8.orig/test/dt_arith.c ++++ hdf5-1.10.8/test/dt_arith.c +@@ -3040,7 +3040,18 @@ test_conv_flt_1(const char *name, int ru + #if H5_SIZEOF_LONG_DOUBLE != H5_SIZEOF_DOUBLE && H5_SIZEOF_LONG_DOUBLE != 0 + } + else if (src_type == FLT_LDOUBLE) { +- INIT_FP_SPECIAL(src_size, src_nbits, sendian, LDBL_MANT_DIG, dst_size, buf, saved, nelmts); ++ size_t mant_dig = LDBL_MANT_DIG; ++ if (mant_dig >= src_nbits) { ++ /* This happens for IBM long double in little endian. ++ The macro LDBL_MANT_DIG says 106 mantissa bits, but the ++ HDF5 detection code actually represents it as a normal 64bit ++ double (52 bit mantissa) with the upper double being ++ unspec bits (which is sort of okay as the testsuite ++ wouldn't deal with that format correctly anyway). So ++ override the mantissa size. */ ++ mant_dig = 52; ++ } ++ INIT_FP_SPECIAL(src_size, src_nbits, sendian, mant_dig, dst_size, buf, saved, nelmts); #endif - } else -@@ -3663,7 +3674,18 @@ test_conv_int_fp(const char *name, int r - INIT_FP_DENORM(long double, LDBL_MANT_DIG, src_size, src_nbits, sendian, dst_size, - buf, saved, nelmts); - } else { + } + else +@@ -3750,7 +3761,18 @@ test_conv_int_fp(const char *name, int r + nelmts); + } + else { - INIT_FP_SPECIAL(src_size, src_nbits, sendian, LDBL_MANT_DIG, dst_size, buf, saved, nelmts); -+ size_t mant_dig = LDBL_MANT_DIG; -+ if (mant_dig >= src_nbits) { -+ /* This happens for IBM long double in little endian. -+ The macro LDBL_MANT_DIG says 106 mantissa bits, but the -+ HDF5 detection code actually represents it as a normal 64bit -+ double (52 bit mantissa) with the upper double being -+ unspec bits (which is sort of okay as the testsuite -+ wouldn't deal with that format correctly anyway). So -+ override the mantissa size. */ -+ mant_dig = 52; -+ } ++ size_t mant_dig = LDBL_MANT_DIG; ++ if (mant_dig >= src_nbits) { ++ /* This happens for IBM long double in little endian. ++ The macro LDBL_MANT_DIG says 106 mantissa bits, but the ++ HDF5 detection code actually represents it as a normal 64bit ++ double (52 bit mantissa) with the upper double being ++ unspec bits (which is sort of okay as the testsuite ++ wouldn't deal with that format correctly anyway). So ++ override the mantissa size. */ ++ mant_dig = 52; ++ } + INIT_FP_SPECIAL(src_size, src_nbits, sendian, mant_dig, dst_size, buf, saved, nelmts); } #endif - } else + } + diff --git a/hdf5-mpi.patch b/hdf5-mpi.patch deleted file mode 100644 index e2e9386cdbd7bc918404a6fbc40e7d56f5480119..0000000000000000000000000000000000000000 --- a/hdf5-mpi.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff -up hdf5-1.8.16/testpar/t_pflush1.c.mpi hdf5-1.8.16/testpar/t_pflush1.c ---- hdf5-1.8.16/testpar/t_pflush1.c.mpi 2015-10-23 23:13:44.000000000 -0600 -+++ hdf5-1.8.16/testpar/t_pflush1.c 2016-03-20 21:46:42.089409776 -0600 -@@ -171,6 +171,7 @@ main(int argc, char* argv[]) - * because MPI_File_close wants to modify the file-handle variable. - */ - -+#if 0 - /* close file1 */ - if(H5Fget_vfd_handle(file1, fapl, (void **)&mpifh_p) < 0) { - printf("H5Fget_vfd_handle for file1 failed\n"); -@@ -189,14 +190,17 @@ main(int argc, char* argv[]) - printf("MPI_File_close for file2 failed\n"); - goto error; - } /* end if */ -+#endif - - fflush(stdout); - fflush(stderr); -+ MPI_Finalize(); - HD_exit(0); - - error: - fflush(stdout); - fflush(stderr); -+ MPI_Finalize(); - HD_exit(1); - } - diff --git a/hdf5.spec b/hdf5.spec index 124fb7daa81c7710da1481c9b16518c2dd980e4a..27e7bbd805b2a36ddcd9f97980670d97a7a570ec 100644 --- a/hdf5.spec +++ b/hdf5.spec @@ -8,31 +8,23 @@ %endif Name: hdf5 -Version: 1.8.20 -Release: 17 +Version: 1.10.8 +Release: 1 Summary: A data model, library, and file format for storing and managing data License: GPL-2.0-or-later and BSD-3-Clause URL: https://portal.hdfgroup.org/display/HDF5/HDF5 -Source0: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.8/hdf5-1.8.20/src/hdf5-1.8.20.tar.bz2 +Source0: https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.10/hdf5-1.10.8/src/hdf5-1.10.8.tar.bz2 Source1: h5comp Patch0: hdf5-LD_LIBRARY_PATH.patch -Patch1: hdf5-mpi.patch +Patch1: CVE-2018-13867.patch Patch2: hdf5-ldouble-ppc64le.patch -Patch3: CVE-2018-17233.patch -Patch4: CVE-2018-17234.patch -Patch5: CVE-2018-17237.patch -Patch6: CVE-2018-17434-CVE-2018-17437.patch -Patch7: CVE-2018-17438.patch -Patch8: CVE-2017-17506.patch -Patch9: fix-compile-error.patch -Patch10: CVE-2018-17432.patch -Patch11: CVE-2018-17435.patch -Patch12: CVE-2018-13869-CVE-2018-13870.patch -Patch13: CVE-2018-13873.patch -Patch14: CVE-2018-16438.patch -Patch15: CVE-2018-14031.patch +Patch3: CVE-2018-14031.patch +Patch4: CVE-2018-16438.patch +Patch5: CVE-2019-8396.patch +Patch6: CVE-2020-10812.patch +Patch7: CVE-2021-37501.patch BuildRequires: gcc, gcc-c++ BuildRequires: krb5-devel, openssl-devel, zlib-devel, gcc-gfortran, time @@ -231,8 +223,10 @@ make %{?_smp_mflags} -C build check %license COPYING %doc MANIFEST README.txt release_docs/RELEASE.txt %doc release_docs/HISTORY*.txt -%{_bindir}/gif2h5 -%{_bindir}/h52gif +%{_bindir}/h5clear +%{_bindir}/h5format_convert +%{_bindir}/mirror_server +%{_bindir}/mirror_server_stop %{_bindir}/h5copy %{_bindir}/h5debug %{_bindir}/h5diff @@ -247,8 +241,6 @@ make %{?_smp_mflags} -C build check %{_bindir}/h5stat %{_bindir}/h5unjam %{_libdir}/*.so.10* -%{_libdir}/libhdf5_cpp.so.15* -%{_libdir}/libhdf5_hl_cpp.so.11* %files devel %{_bindir}/h5c++* @@ -268,8 +260,11 @@ make %{?_smp_mflags} -C build check %license COPYING %doc MANIFEST README.txt release_docs/RELEASE.txt %doc release_docs/HISTORY*.txt -%{_libdir}/mpich/bin/gif2h5 -%{_libdir}/mpich/bin/h52gif +%{_libdir}/mpich/bin/h5clear +%{_libdir}/mpich/bin/h5format_convert +%{_libdir}/mpich/bin/mirror_server +%{_libdir}/mpich/bin/mirror_server_stop +%{_libdir}/mpich/bin/perf %{_libdir}/mpich/bin/h5copy %{_libdir}/mpich/bin/h5debug %{_libdir}/mpich/bin/h5diff @@ -306,9 +301,12 @@ make %{?_smp_mflags} -C build check %license COPYING %doc MANIFEST README.txt release_docs/RELEASE.txt %doc release_docs/HISTORY*.txt -%{_libdir}/openmpi/bin/gif2h5 -%{_libdir}/openmpi/bin/h52gif +%{_libdir}/openmpi/bin/h5clear +%{_libdir}/openmpi/bin/h5format_convert %{_libdir}/openmpi/bin/h5copy +%{_libdir}/openmpi/bin/mirror_server +%{_libdir}/openmpi/bin/mirror_server_stop +%{_libdir}/openmpi/bin/perf %{_libdir}/openmpi/bin/h5debug %{_libdir}/openmpi/bin/h5diff %{_libdir}/openmpi/bin/h5dump @@ -340,6 +338,9 @@ make %{?_smp_mflags} -C build check %endif %changelog +* Fri May 26 2023 yaoxin - 1.10.8-1 +- Update to 1.10.8 and fix CVE-2018-13867,CVE-2019-8396,CVE-2020-10812,CVE-2021-37501 + * Tue Apr 11 2023 liyanan - 1.8.20-17 - Preserve the rpath of the hdf5-openmpi and hdf5-mpich subpackages