Skip to content

Fixed allocation-size-too-big error in H5MM.c #5076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jan 26, 2025
Merged

Fixed allocation-size-too-big error in H5MM.c #5076

merged 4 commits into from
Jan 26, 2025

Conversation

bmribler
Copy link
Collaborator

@bmribler bmribler commented Nov 6, 2024

A decoded length appeared to be corrupted and had a very large value.
This PR added a check to detect such potential data corruption.

The fuzzer file is in the cve_hdf5 repo.

Fixes GH-4431

bmribler and others added 2 commits November 6, 2024 02:58
@bmribler
Fixed allocation-size-too-big error in H5MM.c
99d0d99 
A decoded length appeared to be corrupted and had a very large value.
This PR added a check to detect such potential data corruption.
@github-actions
Committing clang-format changes
565b6de
@bmribler bmribler added Priority - 1. High 🔼 Component - C Library Core C library issues (usually in the src directory) Type - Security Security issues, including library crashers and memory leaks labels Nov 6, 2024
qkoziol
qkoziol requested changes Nov 6, 2024
View reviewed changes
Copy link
Collaborator

@qkoziol qkoziol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost certainly, the cache is not the problem.

What kind of entry's "get_load_size" callback is being invoked to create the corrupted length?

@bmribler
Copy link
Collaborator Author

bmribler commented Nov 6, 2024
edited
Loading

Almost certainly, the cache is not the problem.

What kind of entry's "get_load_size" callback is being invoked to create the corrupted length?

Thanks, Quincey. H5HL__cache_prefix_get_final_load_size/H5HL__hdr_deserialize:
heap.dblk_size = 18446744073709551392

@qkoziol
Copy link
Collaborator

qkoziol commented Nov 6, 2024

OK, so it's in the local heap decode / get size callback. Is there any sanity checking you can do there?

@bmribler
Copy link
Collaborator Author

bmribler commented Nov 6, 2024
edited
Loading

OK, so it's in the local heap decode / get size callback. Is there any sanity checking you can do there?

Oh, I think I can do a similar check in H5HL__cache_prefix_get_final_load_size. Right? Or maybe, H5HL__hdr_deserialize, if I have enough info...

@qkoziol
Copy link
Collaborator

qkoziol commented Nov 6, 2024

Yes, adding a sensible range check there is good.

@bmribler bmribler marked this pull request as draft November 7, 2024 17:22
@bmribler bmribler marked this pull request as ready for review December 3, 2024 19:24
@bmribler bmribler requested a review from qkoziol December 13, 2024 19:36
@lrknox lrknox merged commit 99aac48 into HDFGroup:develop Jan 26, 2025
qkoziol pushed a commit to qkoziol/hdf5 that referenced this pull request Feb 3, 2025
@bmribler @qkoziol
Fixed allocation-size-too-big error in H5MM.c (HDFGroup#5076)
1bc8185 
A decoded length appeared to be corrupted and had a very large value.
This PR added a check to detect such potential data corruption.
qkoziol pushed a commit to qkoziol/hdf5 that referenced this pull request Feb 3, 2025
@bmribler @qkoziol
Fixed allocation-size-too-big error in H5MM.c (HDFGroup#5076)
6aa4729 
A decoded length appeared to be corrupted and had a very large value.
This PR added a check to detect such potential data corruption.
byrnHDF pushed a commit to byrnHDF/hdf5 that referenced this pull request Feb 10, 2025
@bmribler @byrnHDF
Fixed allocation-size-too-big error in H5MM.c (HDFGroup#5076)
93223e3 
A decoded length appeared to be corrupted and had a very large value.
This PR added a check to detect such potential data corruption.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qkoziol qkoziol qkoziol approved these changes

@lrknox lrknox lrknox approved these changes

@mattjala mattjala mattjala approved these changes

@derobins derobins Awaiting requested review from derobins derobins is a code owner

@byrnHDF byrnHDF Awaiting requested review from byrnHDF byrnHDF is a code owner

@fortnern fortnern Awaiting requested review from fortnern fortnern is a code owner

@jhendersonHDF jhendersonHDF Awaiting requested review from jhendersonHDF jhendersonHDF is a code owner

@vchoi-hdfgroup vchoi-hdfgroup Awaiting requested review from vchoi-hdfgroup vchoi-hdfgroup is a code owner

@glennsong09 glennsong09 Awaiting requested review from glennsong09 glennsong09 is a code owner

@brtnfld brtnfld Awaiting requested review from brtnfld brtnfld is a code owner

Assignees
No one assigned
Labels
Component - C Library Core C library issues (usually in the src directory) Type - Security Security issues, including library crashers and memory leaks
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

allocation-size-too-big error in H5MM.c
4 participants
@bmribler @qkoziol @lrknox @mattjala