Segmentation violation with H5Fget_intent when passing in a dataset id (in HDF5 1.14.4.3) #4656

Closed
abhibaruah opened this issue Jul 16, 2024 · 5 comments
Labels: Component - C Library Core, Priority - 1. High, Type - Bug / Bugfix


@abhibaruah

HDF5 version - 1.14.4.3
OS : Debian 11
Compiler : gcc

I have a simple reproduction script where I accidentally passed in the dataset ID to H5Fget_intent instead of the file ID.
In HDF5 1.10.11, H5Fget_intent errored out with the message:

“HDF5-DIAG: Error detected in HDF5 (1.10.11) thread 0:
#000: H5F.c line 649 in H5Fget_intent(): not a file
major: Invalid arguments to routine
minor: Inappropriate type”

But, in HDF5 1.14.4.3, the program crashed (segmentation violation) on H5Fget_intent. While I would have expected the error, the segV seems like buggy behavior.
Please find my reproduction code below.
Also, I could reproduce it with any h5 file.

```c
#include "hdf5.h"
#include <stdio.h>
#include <stdlib.h>

#define FILE1           "example.h5"
#define DATASET1        "/g1/g1.1/dset1.1.1"

int main() {
    hid_t    file, dset;    /* Handles */
    herr_t   status;
    unsigned intent = 0;    /* Storage for the returned intent flags */

    /*
     * Open an existing file read-only using the default properties.
     */
    file = H5Fopen(FILE1, H5F_ACC_RDONLY, H5P_DEFAULT);

    /* Open a dataset in that file. */
    dset = H5Dopen(file, DATASET1, H5P_DEFAULT);

    printf("Before H5Fget_intent \n");
    /* The dataset ID is passed here instead of the file ID. */
    status = H5Fget_intent(dset, &intent);
    printf("After H5Fget_intent \n");

    H5Dclose(dset);
    H5Fclose(file);

    return 0;
}
```
@bmribler added the Component - C Library Core label Jul 17, 2024
@mattjala added the Priority - 1. High and Type - Bug / Bugfix labels Jul 17, 2024
@bmribler
Contributor

bmribler commented Jul 19, 2024

Hi @abhibaruah,
The buggy behavior was confirmed and an issue was created for the fix: #4662.
Thanks!

bmribler added a commit to bmribler/hdf5_bmr23 that referenced this issue Jul 24, 2024
In some API functions, the internal function H5I_object() was used instead
of H5I_object_verify(), which verifies the type of an ID argument.  So
when an inappropriate ID was passed in to the affected API, it was accepted.
This behavior can cause issues at a later time, including a segfault, as
reported in issue #HDFGroupGH-4656.

The fix was applied to the following functions:
H5Fget_intent()
H5Fget_fileno()
H5Fget_freespace()
H5Fget_create_plist()
H5Fget_access_plist()
H5Fget_vfd_handle()
H5Dvlen_get_buf_size()
H5Fget_mdc_config()
H5Fset_mdc_config()
H5Freset_mdc_hit_rate_stats()

Fixes HDFGroupGH-4662
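
The difference the commit message describes between an unverified and a type-verified ID lookup, as an added example. It is a simplified model, not HDF5 source: `reg_object`, `reg_object_verify` and every other name in it are hypothetical stand-ins for the internal functions.

```c
/* Simplified model of a typed ID registry (constructed; not HDF5 source).
 * Every name below is a hypothetical stand-in. */
#include <stddef.h>
#include <stdio.h>

typedef enum { ID_FILE = 1, ID_DATASET = 2 } id_type_t;
typedef struct { unsigned intent; } file_obj_t;     /* object behind a file ID */
typedef struct { size_t nelems; } dataset_obj_t;    /* object behind a dataset ID */
typedef struct { id_type_t type; void *obj; } id_entry_t;

static file_obj_t    g_file = { 0x1u };
static dataset_obj_t g_dset = { 1024 };
static id_entry_t    g_table[] = { { ID_FILE, &g_file }, { ID_DATASET, &g_dset } };
#define TABLE_LEN ((int)(sizeof g_table / sizeof g_table[0]))

/* Unverified lookup: returns whatever object the ID refers to. */
static void *reg_object(int id) {
    return (id >= 0 && id < TABLE_LEN) ? g_table[id].obj : NULL;
}

/* Verified lookup: NULL unless the ID is registered with the expected type. */
static void *reg_object_verify(int id, id_type_t expected) {
    if (id < 0 || id >= TABLE_LEN || g_table[id].type != expected)
        return NULL;
    return g_table[id].obj;
}

/* Fixed pattern: reject a wrong-type ID before the object is touched. */
int get_intent_checked(int file_id, unsigned *intent) {
    file_obj_t *f = reg_object_verify(file_id, ID_FILE);
    if (f == NULL || intent == NULL)
        return -1;                       /* reported as "not a file" */
    *intent = f->intent;
    return 0;
}

/* 1 if the unverified lookup would hand a non-file object to file code. */
int unverified_lookup_confuses(int id) {
    return reg_object(id) != NULL && reg_object_verify(id, ID_FILE) == NULL;
}

int main(void) {
    unsigned intent = 0;
    printf("file id:    %d\n", get_intent_checked(0, &intent));
    printf("dataset id: %d\n", get_intent_checked(1, &intent));
    printf("confused:   %d\n", unverified_lookup_confuses(1));
    return 0;
}
```

On a release without the fix, a caller can apply the same guard itself by checking `H5Iget_type(id) == H5I_FILE` before calling the affected file functions.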
lrknox pushed a commit that referenced this issue Jul 24, 2024
* Replace incorrect use of an internal function

@bmribler
Contributor

bmribler commented Jul 25, 2024

@abhibaruah
Hi Abhi,
I just want to let you know that this issue (aka #4662) is fixed in develop.

lrknox pushed a commit to lrknox/hdf5 that referenced this issue Jul 30, 2024
* Replace incorrect use of an internal function

lrknox added a commit that referenced this issue Jul 30, 2024
* publish msi binary (#4663)

* Add publish from branch workflow (#4664)

* Replace incorrect use of an internal function (#4668)


* Fix incorrect indentation for permissions. (#4669)

* Remove outdated line from Copyright header in new files. (#4676)

* Fix binary examples process (#4666)

---------

Co-authored-by: Allen Byrne <[email protected]>
Co-authored-by: bmribler <[email protected]>
@bmribler
Contributor

@abhibaruah Can this issue be closed?

@abhibaruah
Author

Thanks Binh-Minh. If this has been fixed then yes it can be closed.
Will this fix be in the next 1.14 release? Or is the 1.14 branch unmaintained?

@derobins
Member

This will be fixed in 1.14.5
