Skip to content

Commit

Permalink
Fixes a segfault in h5dump (#4862)
Browse files Browse the repository at this point in the history
* Fixes a segfault in h5dump

The B-tree node level was corrupted, resulting in a segfault later.
This PR adds a check to detect when the node level is greater than
the number of entries and issue an error instead.

Fixes GH-4432
bmribler authored Sep 23, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 39fdf5d commit ff0839d
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/H5Bcache.c
Original file line number Diff line number Diff line change
@@ -179,6 +179,12 @@ H5B__cache_deserialize(const void *_image, size_t len, void *_udata, bool H5_ATT
if (bt->nchildren > shared->two_k)
HGOTO_ERROR(H5E_BTREE, H5E_BADVALUE, NULL, "number of children is greater than maximum");

/* Check in case of level is corrupted, it is unreasonable for level to be
larger than the number of entries */
if (bt->level > bt->nchildren)
HGOTO_ERROR(H5E_BTREE, H5E_BADVALUE, NULL,
"level cannot be greater than the number of children, possibly corrupted");

/* Sibling pointers */
if (H5_IS_BUFFER_OVERFLOW(image, H5F_sizeof_addr(udata->f), p_end))
HGOTO_ERROR(H5E_BTREE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");

0 comments on commit ff0839d

Please sign in to comment.