Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.6:Update
hdf5.27828
H5IMget_image_info-H5Sget_simple_extent_dims-do...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File H5IMget_image_info-H5Sget_simple_extent_dims-does-not-exceed-array-size.patch of Package hdf5.27828
From: Egbert Eich <eich@suse.com> Date: Tue Sep 27 10:29:56 2022 +0200 Subject: H5IMget_image_info: H5Sget_simple_extent_dims() does not exceed array size Patch-mainline: Not yet Git-repo: https://github.com/HDFGroup/hdf5 Git-commit: 7ed7a17cca39ec5838ad62724a24f186222a253b References: Malformed hdf5 files may provide more dimensions than the array dim[] is able to hold. Check number of elements first by calling H5Sget_simple_extent_dims() with NULL for both 'dims' and 'maxdims' arguments. This will cause the function to return only the number of dimensions. This fixes CVE-2018-17439 Signed-off-by: Egbert Eich <eich@suse.com> Signed-off-by: Egbert Eich <eich@suse.de> --- hl/src/H5IM.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hl/src/H5IM.c b/hl/src/H5IM.c index ff10d573c7..e37c696e25 100644 --- a/hl/src/H5IM.c +++ b/hl/src/H5IM.c @@ -283,6 +283,8 @@ H5IMget_image_info(hid_t loc_id, const char *dset_name, hsize_t *width, hsize_t if ((sid = H5Dget_space(did)) < 0) goto out; + if (H5Sget_simple_extent_dims(sid, NULL, NULL) > IMAGE24_RANK) + goto out; /* Get dimensions */ if (H5Sget_simple_extent_dims(sid, dims, NULL) < 0) goto out;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor