From a37a049cebb66b398aa600a09475a3245c6b127a Mon Sep 17 00:00:00 2001 From: jhendersonHDF Date: Wed, 3 Apr 2024 17:40:15 -0500 Subject: [PATCH 1/2] Simply check for datatypes with unusual number of unused bits (#4309) Avoids potential undefined behavior in H5T_is_numeric_with_unusual_unused_bits --- src/H5T.c | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/src/H5T.c b/src/H5T.c index e3cf451d30a..41998869b30 100644 --- a/src/H5T.c +++ b/src/H5T.c @@ -6785,24 +6785,13 @@ H5T_is_numeric_with_unusual_unused_bits(const H5T_t *dt) /* Is the correct type? */ if (H5T_INTEGER == dt->shared->type || H5T_FLOAT == dt->shared->type || H5T_BITFIELD == dt->shared->type) { -#if LDBL_MANT_DIG == 106 - /* This currently won't work for the IBM long double type */ - if (H5T_FLOAT == dt->shared->type && dt->shared->size == 16 && - (dt->shared->u.atomic.prec == 64 || dt->shared->u.atomic.prec == 128)) - HGOTO_DONE(false); -#endif /* Has unused bits? */ - if (dt->shared->u.atomic.prec < (dt->shared->size * 8)) { - unsigned surround_bits = - 1U << (1 + H5VM_log2_gen((dt->shared->u.atomic.prec + dt->shared->u.atomic.offset) - 1)); - + if (dt->shared->size > 1 && dt->shared->u.atomic.prec < (dt->shared->size * 8)) /* Unused bits are unusually large? */ - if (dt->shared->size > 1 && ((dt->shared->size * 8) > surround_bits)) - HGOTO_DONE(true); - } + ret_value = + (dt->shared->size * 8) > (2 * (dt->shared->u.atomic.prec + dt->shared->u.atomic.offset)); } -done: FUNC_LEAVE_NOAPI(ret_value) } /* end H5T_is_numeric_with_unusual_unused_bits() */ From 3424bc9756e00a8630b774449638bf5f498ef015 Mon Sep 17 00:00:00 2001 From: jhendersonHDF Date: Thu, 4 Apr 2024 07:34:05 -0500 Subject: [PATCH 2/2] Fix issues with empty or uninitialized link names (#4322) Converts an assertion in H5G_loc_find into a normal error check that checks for empty link names Initializes H5O_link_t structure early in H5G__ent_to_link to avoid trying to free potentially uninitialized memory Checks for an empty link name after H5MM_strndup in H5G__ent_to_link Fixes GitHub #4307 --- src/H5Gent.c | 13 +++++++++---- src/H5Gloc.c | 5 ++++- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/H5Gent.c b/src/H5Gent.c index 40872a041cc..2d6ece74083 100644 --- a/src/H5Gent.c +++ b/src/H5Gent.c @@ -365,6 +365,13 @@ H5G__ent_to_link(const H5G_entry_t *ent, const H5HL_t *heap, H5O_link_t *lnk) assert(heap); assert(lnk); + /* Initialize structure and set (default) common info for link */ + lnk->type = H5L_TYPE_ERROR; + lnk->corder_valid = false; /* Creation order not valid for this link */ + lnk->corder = 0; + lnk->cset = H5F_DEFAULT_CSET; + lnk->name = NULL; + /* Get the size of the heap block */ block_size = H5HL_heap_get_size(heap); @@ -372,12 +379,10 @@ H5G__ent_to_link(const H5G_entry_t *ent, const H5HL_t *heap, H5O_link_t *lnk) if (NULL == (name = (const char *)H5HL_offset_into(heap, ent->name_off))) HGOTO_ERROR(H5E_SYM, H5E_CANTGET, FAIL, "unable to get symbol table link name"); - /* Set (default) common info for link */ - lnk->cset = H5F_DEFAULT_CSET; - lnk->corder = 0; - lnk->corder_valid = false; /* Creation order not valid for this link */ if (NULL == (lnk->name = H5MM_strndup(name, (block_size - ent->name_off)))) HGOTO_ERROR(H5E_SYM, H5E_CANTGET, FAIL, "unable to duplicate link name"); + if (!*lnk->name) + HGOTO_ERROR(H5E_SYM, H5E_BADVALUE, FAIL, "invalid link name"); /* Object is a symbolic or hard link */ if (ent->type == H5G_CACHED_SLINK) { diff --git a/src/H5Gloc.c b/src/H5Gloc.c index d04c582d009..6e9d29845a0 100644 --- a/src/H5Gloc.c +++ b/src/H5Gloc.c @@ -410,9 +410,12 @@ H5G_loc_find(const H5G_loc_t *loc, const char *name, H5G_loc_t *obj_loc /*out*/) /* Check args. */ assert(loc); - assert(name && *name); + assert(name); assert(obj_loc); + if (!*name) + HGOTO_ERROR(H5E_SYM, H5E_BADVALUE, FAIL, "invalid object name"); + /* Set up user data for locating object */ udata.loc = obj_loc;