mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
fd052187ac
Details https://nvd.nist.gov/vuln/detail/CVE-2025-2926 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
33 lines
1.2 KiB
Diff
33 lines
1.2 KiB
Diff
From 6680a7795b76d451ff17f193e5cdca7a86b01699 Mon Sep 17 00:00:00 2001
|
|
From: bmribler <39579120+bmribler@users.noreply.github.com>
|
|
Date: Mon, 3 Nov 2025 13:01:04 -0500
|
|
Subject: [PATCH] Fix CVE-2025-2926 (#5841)
|
|
|
|
An image size was corrupted and decoded as 0 resulting in a NULL image buffer,
|
|
which caused a NULL pointer dereference when the image being copied to the buffer.
|
|
The invalid image size was caught in the PR #5710. This change catches right
|
|
before the copying.
|
|
|
|
Fixes GH issue #5384
|
|
|
|
CVE: CVE-2025-2926
|
|
Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/d37b537ff256f0fa65cb4f82b20f286ad9a2e1e2]
|
|
(cherry picked from commit d37b537ff256f0fa65cb4f82b20f286ad9a2e1e2)
|
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
|
---
|
|
src/H5Ocache.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/H5Ocache.c b/src/H5Ocache.c
|
|
index 6916a9044c..9b82509812 100644
|
|
--- a/src/H5Ocache.c
|
|
+++ b/src/H5Ocache.c
|
|
@@ -610,6 +610,7 @@ H5O__cache_chk_get_initial_load_size(void *_udata, size_t *image_len)
|
|
assert(udata);
|
|
assert(udata->oh);
|
|
assert(image_len);
|
|
+ assert(udata->size);
|
|
|
|
/* Set the image length size */
|
|
*image_len = udata->size;
|