Detection of incorrect IDs being passed to APIs #4662

Closed
bmribler opened this issue Jul 19, 2024 · 0 comments · Fixed by #4668

Comments

@bmribler
Contributor

A number of APIs failed to detect an incorrect ID being passed in and, subsequently, caused various failures, including a segfault.
This behavior happened when the internal function H5I_object() was used instead of H5I_object_verify(), which verifies the type of the ID argument.

From an initial inspection, the following files are affected:
H5D.c
H5F.c

@bmribler bmribler added Priority - 1. High 🔼 These are important issues that should be resolved in the next release Component - C Library Core C library issues (usually in the src directory) Type - Bug / Bugfix Please report security issues to [email protected] instead of creating an issue on GitHub labels Jul 19, 2024
@bmribler bmribler self-assigned this Jul 19, 2024
@bmribler bmribler changed the title Detection of an incorrect ID passed to APIs Detection of incorrect IDs being passed to APIs Jul 19, 2024
bmribler added a commit to bmribler/hdf5_bmr23 that referenced this issue Jul 24, 2024
In some API functions, the internal function H5I_object() was used instead
of H5I_object_verify(), which verifies the type of an ID argument.  So
when an inappropriate ID was passed in to the affected API, it was accepted.
This behavior can cause issues at a later time, including a segfault, as
reported in issue #HDFGroupGH-4656.

The fix was applied to the following functions:
H5Fget_intent()
H5Fget_fileno()
H5Fget_freespace()
H5Fget_create_plist()
H5Fget_access_plist()
H5Fget_vfd_handle()
H5Dvlen_get_buf_size()
H5Fget_mdc_config()
H5Fset_mdc_config()
H5Freset_mdc_hit_rate_stats()

Fixes HDFGroupGH-4662
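
The difference between an unchecked and a type-verified ID lookup, as an added example that is not HDF5 source code: a simplified registry model in which a dataset ID is handed to a file API. All names (`id_object`, `id_object_verify`, `get_intent_*`, the structs and sample values) are hypothetical stand-ins for the pattern described in the issue.

```c
/* Simplified model of a typed-ID registry (added example, not HDF5 source). */
#include <stddef.h>
#include <stdio.h>

typedef enum { T_FILE = 1, T_DATASET } id_type;
typedef struct { unsigned intent; } file_obj;              /* what file APIs expect */
typedef struct { unsigned nelem; double fill; } dset_obj;  /* unrelated object */
typedef struct { id_type type; void *obj; } slot;
static slot table[8];
static int  nslots;

static int id_register(id_type type, void *obj) {
    if (nslots >= 8) return -1;
    table[nslots] = (slot){ type, obj };
    return nslots++;
}
/* Unchecked lookup: any live ID returns its object, whatever its type. */
static void *id_object(int id) {
    return (id >= 0 && id < nslots) ? table[id].obj : NULL;
}
/* Checked lookup: the ID must also be registered as the expected type. */
static void *id_object_verify(int id, id_type want) {
    return (id >= 0 && id < nslots && table[id].type == want) ? table[id].obj : NULL;
}
/* "Before" pattern: a dataset ID passes and its memory is read as a file. */
static int get_intent_unchecked(int file_id, unsigned *out) {
    file_obj *f = id_object(file_id);
    if (!f) return -1;
    *out = f->intent;
    return 0;
}
/* "After" pattern: the wrong ID type is rejected before any dereference. */
static int get_intent_checked(int file_id, unsigned *out) {
    file_obj *f = id_object_verify(file_id, T_FILE);
    if (!f) return -1;
    *out = f->intent;
    return 0;
}
static file_obj demo_file = { 1u };          /* constructed sample objects */
static dset_obj demo_dset = { 4096u, 0.0 };

int main(void) {
    int fid = id_register(T_FILE, &demo_file);
    int did = id_register(T_DATASET, &demo_dset);
    unsigned v = 0;
    int rc = get_intent_unchecked(did, &v);  /* accepted; v is the dataset's nelem */
    printf("unchecked(dataset id): rc=%d value=%u\n", rc, v);
    printf("checked(dataset id):   rc=%d\n", get_intent_checked(did, &v));
    printf("checked(file id):      rc=%d\n", get_intent_checked(fid, &v));
}
```

In the model the mismatched read happens to return a plausible-looking number; with objects of different size or pointer-bearing layout the same unchecked cast is what leads to the later failures the issue describes.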
lrknox pushed a commit that referenced this issue Jul 24, 2024
* Replace incorrect use of an internal function

lrknox pushed a commit to lrknox/hdf5 that referenced this issue Jul 30, 2024
* Replace incorrect use of an internal function

lrknox added a commit that referenced this issue Jul 30, 2024
* publish msi binary (#4663)

* Add publish from branch workflow (#4664)

* Replace incorrect use of an internal function (#4668)

* Replace incorrect use of an internal function

* Fix incorrect indentation for permissions. (#4669)

* Remove outdated line from Copyright header in new files. (#4676)

* Fix binary examples process (#4666)

---------

Co-authored-by: Allen Byrne <[email protected]>
Co-authored-by: bmribler <[email protected]>