-
-
Notifications
You must be signed in to change notification settings - Fork 265
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A memory leak was found while using H5F__accum_write #4585
Comments
Which version of the library is this, how are you configuring and building the library, and how are you exercising the code? I don't see this problem via valgrind w/ gcc 13.2.0 when I run the file through the HDF5 command-line tools. It's looking for a custom VFD, though and the errors I'm seeing are plugin search errors, not file parse errors, which is where we typically have problems with fuzzers. |
This vulnerability was discovered while testing h5_read_fuzzer using ossfuzz. According to Dockerfile (https://github.com/google/oss-fuzz/blob/master/projects/hdf5/Dockerfile), using the latest code. |
* Fix issues with large external data files (#4843) (#4847) * Fixed a memory leak from H5FL_blk_malloc (#4882) In H5F__accum_reset(), when H5F__accum_flush() failed, the freeing of f_sh->accum.buf was never reached, causing resource leak. @fortnern added the third argument to H5F__accum_reset() so we can free f_sh->accum.buf when we close the file, that is, when H5F__accum_reset() is called from the H5F__dest() route, and can leave the accumulator in place otherwise. * Added an entry for the GH-4585 fix (#4889) * Fix an incorrect returned value by H5LTfind_dataset() (#4869) H5LTfind_dataset() returns true for non-existing datasets because it only compares up to the length of the searched string, such as "Day" vs "DayNight" (issue GH-4780). This PR applied the user's patch and added tests. * Fix minor spelling in documentation (#4870) --------- Co-authored-by: Neil Fortner <[email protected]> Co-authored-by: bmribler <[email protected]>
* Fix issues with large external data files (#4843) (#4847) * Fixed a memory leak from H5FL_blk_malloc (#4882) In H5F__accum_reset(), when H5F__accum_flush() failed, the freeing of f_sh->accum.buf was never reached, causing resource leak. @fortnern added the third argument to H5F__accum_reset() so we can free f_sh->accum.buf when we close the file, that is, when H5F__accum_reset() is called from the H5F__dest() route, and can leave the accumulator in place otherwise. * Added an entry for the GH-4585 fix (#4889) * Fix an incorrect returned value by H5LTfind_dataset() (#4869) H5LTfind_dataset() returns true for non-existing datasets because it only compares up to the length of the searched string, such as "Day" vs "DayNight" (issue GH-4780). This PR applied the user's patch and added tests. * Fix minor spelling in documentation (#4870) * Updated Platforms tested in RELEASE.txt Incremented version subrelease to -3.
* Fix issues with large external data files (#4843) (#4847) * Fixed a memory leak from H5FL_blk_malloc (#4882) In H5F__accum_reset(), when H5F__accum_flush() failed, the freeing of f_sh->accum.buf was never reached, causing resource leak. @fortnern added the third argument to H5F__accum_reset() so we can free f_sh->accum.buf when we close the file, that is, when H5F__accum_reset() is called from the H5F__dest() route, and can leave the accumulator in place otherwise. * Added an entry for the GH-4585 fix (#4889) * Fix an incorrect returned value by H5LTfind_dataset() (#4869) H5LTfind_dataset() returns true for non-existing datasets because it only compares up to the length of the searched string, such as "Day" vs "DayNight" (issue GH-4780). This PR applied the user's patch and added tests. * Fix minor spelling in documentation (#4870) * Set release version 1.14.5 and release date to 2024-09-30.
When I was testing h5_read_fuzzer with libfuzzer, I found a memory leak .
The cause of this vulnerability is: H5F__accum_write calls H5FL_blk_malloc to apply for memory, and after a series of operations such as H5F_block_write and H5F__flush_phase2 functions do not release successfully, resulting in the vulnerability.
with the following crash information:
The vulnerability trigger sample is attached.
leak-6885bf9dd873fb75b3ef6bb2c03afbb2b0f0d6af.zip
The text was updated successfully, but these errors were encountered: