Fixed allocation-size-too-big error in H5MM.c #5076
Conversation
A decoded length appeared to be corrupted and had a very large value. This PR added a check to detect such potential data corruption.
Almost certainly, the cache is not the problem.
What kind of entry's "get_load_size" callback is being invoked to create the corrupted length?
Thanks, Quincey. H5HL__cache_prefix_get_final_load_size/H5HL__hdr_deserialize:
OK, so it's in the local heap.
Oh, I think I can do a similar check in H5HL__cache_prefix_get_final_load_size. Right? Or maybe, H5HL__hdr_deserialize, if I have enough info...
Yes, adding a sensible range check there is good.
The fuzzer file is in the cve_hdf5 repo.
Fixes GH-4431
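The discussion above settles on a range check applied to a decoded length before it reaches the allocator. The following is an added illustration, not code from the PR or from the HDF5 library: a hypothetical deserializer `decode_checked_length` that reads a little-endian 64-bit length field from a header buffer and rejects it when it is zero or exceeds a caller-supplied upper bound (for instance the number of bytes remaining in the file), so that a corrupted field never becomes an oversized `malloc`. The sample header bytes are constructed for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical example code; the names below are not HDF5 identifiers. */

#define DECODE_OK        0
#define DECODE_SHORT_BUF 1   /* fewer than 8 bytes available to read the field */
#define DECODE_BAD_LEN   2   /* decoded value failed the sanity range check   */

/* Decode a little-endian uint64 length at buf[0..8) and validate it against
 * max_len (e.g. bytes remaining in the file after this header). */
int decode_checked_length(const uint8_t *buf, size_t buf_len,
                          size_t max_len, uint64_t *out)
{
    if (buf_len < 8)
        return DECODE_SHORT_BUF;

    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | buf[i];

    /* A zero-length heap block or a length past the end of the file cannot be
     * valid; treat either as data corruption rather than trusting it. */
    if (v == 0 || v > (uint64_t)max_len)
        return DECODE_BAD_LEN;

    *out = v;
    return DECODE_OK;
}

/* Allocate the heap data block only after the length passed the check. */
void *load_heap_data(const uint8_t *hdr, size_t hdr_len,
                     size_t file_remaining, uint64_t *len_out)
{
    uint64_t len;
    if (decode_checked_length(hdr, hdr_len, file_remaining, &len) != DECODE_OK)
        return NULL;
    *len_out = len;
    return malloc((size_t)len);
}

/* Constructed sample headers: a sane length of 4096 and a corrupted one. */
static const uint8_t sane_hdr[8]    = {0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
static const uint8_t corrupt_hdr[8] = {0xF0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};

/* Helpers returning the outcome for each sample so callers can check them. */
int demo_sane_status(void)
{
    uint64_t v = 0;
    return decode_checked_length(sane_hdr, sizeof sane_hdr, (size_t)1 << 20, &v);
}

uint64_t demo_sane_length(void)
{
    uint64_t v = 0;
    decode_checked_length(sane_hdr, sizeof sane_hdr, (size_t)1 << 20, &v);
    return v;
}

int demo_corrupt_status(void)
{
    uint64_t v = 0;
    return decode_checked_length(corrupt_hdr, sizeof corrupt_hdr, (size_t)1 << 20, &v);
}

int demo_short_status(void)
{
    uint64_t v = 0;
    return decode_checked_length(sane_hdr, 4, (size_t)1 << 20, &v);
}

int main(void)
{
    uint64_t len = 0;
    void *p = load_heap_data(sane_hdr, sizeof sane_hdr, (size_t)1 << 20, &len);
    printf("sane header: %s, len=%llu\n", p ? "allocated" : "rejected",
           (unsigned long long)len);
    free(p);

    p = load_heap_data(corrupt_hdr, sizeof corrupt_hdr, (size_t)1 << 20, &len);
    printf("corrupt header: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The bound passed as `max_len` is what makes the check meaningful: without it, a field of 0xFFFFFFFFFFFFFFF0 is a perfectly well-formed integer and the only thing that stops it is the allocator failing, which is the "allocation-size-too-big" report the PR title refers to.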