mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
hdf5: patch CVE-2025-2924
Details https://nvd.nist.gov/vuln/detail/CVE-2025-2924 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
Ankur Tyagi
Anuj Mittal
@@ -0,0 +1,37 @@
|
||||
From 3a6f6c1f57c09281d4a9d11a1ae809fd21b666dd Mon Sep 17 00:00:00 2001
|
||||
From: Glenn Song <43005495+glennsong09@users.noreply.github.com>
|
||||
Date: Mon, 15 Sep 2025 07:56:54 -0500
|
||||
Subject: [PATCH] Fixes heap-based buffer overflow in H5HL__fl_deserialize by adding an overflow check.
|
||||
|
||||
CVE: CVE-2025-2924
|
||||
Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/0a57195ca67d278f1cf7d01566c121048e337a59]
|
||||
|
||||
(cherry picked from commit 0a57195ca67d278f1cf7d01566c121048e337a59)
|
||||
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||
---
|
||||
src/H5HLcache.c | 5 +++++
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/H5HLcache.c b/src/H5HLcache.c
|
||||
index d0836fe..7f412d2 100644
|
||||
--- a/src/H5HLcache.c
|
||||
+++ b/src/H5HLcache.c
|
||||
@@ -225,6 +225,7 @@ H5HL__fl_deserialize(H5HL_t *heap)
|
||||
/* check arguments */
|
||||
assert(heap);
|
||||
assert(!heap->freelist);
|
||||
+ HDcompile_assert(sizeof(hsize_t) == sizeof(uint64_t));
|
||||
|
||||
/* Build free list */
|
||||
free_block = heap->free_block;
|
||||
@@ -232,6 +233,10 @@ H5HL__fl_deserialize(H5HL_t *heap)
|
||||
const uint8_t *image; /* Pointer into image buffer */
|
||||
|
||||
/* Sanity check */
|
||||
+
|
||||
+ if (free_block > UINT64_MAX - (2 * heap->sizeof_size))
|
||||
+ HGOTO_ERROR(H5E_HEAP, H5E_BADRANGE, FAIL, "decoded heap block address overflow");
|
||||
+
|
||||
if ((free_block + (2 * heap->sizeof_size)) > heap->dblk_size)
|
||||
HGOTO_ERROR(H5E_HEAP, H5E_BADRANGE, FAIL, "bad heap free list");
|
||||
|
||||
@@ -19,6 +19,7 @@ SRC_URI = " \
|
||||
file://CVE-2025-2914.patch \
|
||||
file://CVE-2025-2915.patch \
|
||||
file://CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch \
|
||||
file://CVE-2025-2924.patch \
|
||||
"
|
||||
SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user