-
-
Notifications
You must be signed in to change notification settings - Fork 267
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detection of incorrect IDs being passed to APIs #4662
Labels
Component - C Library
Core C library issues (usually in the src directory)
Priority - 1. High 🔼
These are important issues that should be resolved in the next release
Type - Bug / Bugfix
Please report security issues to [email protected] instead of creating an issue on GitHub
Comments
bmribler
added
Priority - 1. High 🔼
These are important issues that should be resolved in the next release
Component - C Library
Core C library issues (usually in the src directory)
Type - Bug / Bugfix
Please report security issues to [email protected] instead of creating an issue on GitHub
labels
Jul 19, 2024
bmribler
changed the title
Detection of an incorrect ID passed to APIs
Detection of incorrect IDs being passed to APIs
Jul 19, 2024
bmribler
added a commit
to bmribler/hdf5_bmr23
that referenced
this issue
Jul 24, 2024
In some API functions, the internal function H5I_object() was used instead of H5I_object_verify(), which verifies the type of an ID argument. So when an inappropriate ID was passed in to the affected API, it was accepted. This behavior can cause issues at a later time, including a segfault, as reported in issue #HDFGroupGH-4656. The fix was applied to the following functions: H5Fget_intent() H5Fget_fileno() H5Fget_freespace() H5Fget_create_plist() H5Fget_access_plist() H5Fget_vfd_handle() H5Dvlen_get_buf_size() H5Fget_mdc_config() H5Fset_mdc_config() H5Freset_mdc_hit_rate_stats() Fixes HDFGroupGH-4662
lrknox
pushed a commit
that referenced
this issue
Jul 24, 2024
* Replace incorrect use of an internal function In some API functions, the internal function H5I_object() was used instead of H5I_object_verify(), which verifies the type of an ID argument. So when an inappropriate ID was passed in to the affected API, it was accepted. This behavior can cause issues at a later time, including a segfault, as reported in issue #GH-4656. The fix was applied to the following functions: H5Fget_intent() H5Fget_fileno() H5Fget_freespace() H5Fget_create_plist() H5Fget_access_plist() H5Fget_vfd_handle() H5Dvlen_get_buf_size() H5Fget_mdc_config() H5Fset_mdc_config() H5Freset_mdc_hit_rate_stats() Fixes GH-4662
lrknox
pushed a commit
to lrknox/hdf5
that referenced
this issue
Jul 30, 2024
* Replace incorrect use of an internal function In some API functions, the internal function H5I_object() was used instead of H5I_object_verify(), which verifies the type of an ID argument. So when an inappropriate ID was passed in to the affected API, it was accepted. This behavior can cause issues at a later time, including a segfault, as reported in issue #HDFGroupGH-4656. The fix was applied to the following functions: H5Fget_intent() H5Fget_fileno() H5Fget_freespace() H5Fget_create_plist() H5Fget_access_plist() H5Fget_vfd_handle() H5Dvlen_get_buf_size() H5Fget_mdc_config() H5Fset_mdc_config() H5Freset_mdc_hit_rate_stats() Fixes HDFGroupGH-4662
lrknox
added a commit
that referenced
this issue
Jul 30, 2024
* publish msi binary (#4663) * Add publish from branch workflow (#4664) * Replace incorrect use of an internal function (#4668) * Replace incorrect use of an internal function In some API functions, the internal function H5I_object() was used instead of H5I_object_verify(), which verifies the type of an ID argument. So when an inappropriate ID was passed in to the affected API, it was accepted. This behavior can cause issues at a later time, including a segfault, as reported in issue #GH-4656. The fix was applied to the following functions: H5Fget_intent() H5Fget_fileno() H5Fget_freespace() H5Fget_create_plist() H5Fget_access_plist() H5Fget_vfd_handle() H5Dvlen_get_buf_size() H5Fget_mdc_config() H5Fset_mdc_config() H5Freset_mdc_hit_rate_stats() Fixes GH-4662 * Fix incorrect indentation for permissions. (#4669) * Remove outdated line from Copyright header in new files. (#4676) * Fix binary examples process (#4666) --------- Co-authored-by: Allen Byrne <[email protected]> Co-authored-by: bmribler <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Component - C Library
Core C library issues (usually in the src directory)
Priority - 1. High 🔼
These are important issues that should be resolved in the next release
Type - Bug / Bugfix
Please report security issues to [email protected] instead of creating an issue on GitHub
A number of APIs failed to detect an incorrect ID being passed in and, subsequently, caused various failures, including segfault.
This behavior happened when the internal function H5I_object() was used instead of H5I_object_verify(), which verifies the type of the ID argument.
From an initial inspection, the following files are affected:
H5D.c
H5F.c
The text was updated successfully, but these errors were encountered: