Segmentation fault in H5Oint.c #4433

Closed
gabe-sherman opened this issue Apr 21, 2024 · 2 comments
Labels: Branch - 1.14 (PRs to hdf5_1_14), Component - C Library (core C library issues, usually in the src directory), Confirmed, Priority - 0. Blocker (this MUST be merged for the release to happen), Type - Bug (please report security issues to [email protected] instead of creating an issue on GitHub)
Milestone: 1.14.5

Comments

gabe-sherman commented Apr 21, 2024

A segmentation fault occurs in the program below when it is provided with a malformed input. This behavior occurs at line 1070 in H5Oint.c.

#include <stdio.h>
#include <stdlib.h>
#include <hdf5.h>

int main(int argc, char *argv[])
{
   /* Usage: ./filename poc */
   if (argc < 2) {
      fprintf(stderr, "usage: %s <hdf5-file>\n", argv[0]);
      return 1;
   }

   /* Open the (malformed) file read-only. */
   hid_t v0 = H5Fopen(argv[1], H5F_ACC_RDONLY, H5P_DEFAULT);
   if (v0 == H5I_INVALID_HID) exit(1);

   /* Query info for the file's root group; the crash happens inside this call
    * while the library reads the object header, before v1 is written. */
   H5G_info_t v1;
   H5Gget_info(v0, &v1);

   H5Fclose(v0);
   return 0;
}

How to trigger

./filename poc

POC File

https://github.com/FuturesLab/POC/blob/main/hdf5/poc-08

Test Environment

Ubuntu 22.04, 64bit

Version

Latest: 0394b03

Address Sanitizer Output

=================================================================
==1383990==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x555556fd85da bp 0x617000000508 sp 0x7fffffffd0a0 T0)
==1383990==The signal is caused by a READ memory access.
==1383990==Hint: address points to the zero page.
    #0 0x555556fd85da in H5O__assert /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Odbg.c:147:25
    #1 0x55555705391f in H5O_protect /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Oint.c:1071:5
    #2 0x5555570ad597 in H5O_msg_exists /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Omessage.c:787:23
    #3 0x555556ca3105 in H5G__open_oid /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Gint.c:526:62
    #4 0x555556ca3105 in H5G_open /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Gint.c:445:13
    #5 0x555556ced28a in H5G__obj_info /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Gobj.c:708:24
    #6 0x555557a299e4 in H5VL__native_group_get /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5VLnative_group.c:199:21
    #7 0x5555579a3a37 in H5VL__group_get /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5VLcallback.c:4557:9
    #8 0x5555579a31f8 in H5VL_group_get /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5VLcallback.c:4588:9
    #9 0x555556c82570 in H5G__get_info_api_common /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5G.c:565:9
    #10 0x555556c81d27 in H5Gget_info /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5G.c:589:9
    #11 0x5555566062e2 in main /home/gabesherman/harness_test/AutoHarn-Results/hdf5/autoharn-08/reproducer.c:12:4
    #12 0x7ffff7c29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #13 0x7ffff7c29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #14 0x555556548624 in _start (/home/gabesherman/harness_test/AutoHarn-Results/hdf5/autoharn-08/reproducer+0xff4624) (BuildId: bd2b74e8d3ce9459789d18c084b4467692ce2508)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Odbg.c:147:25 in H5O__assert
==1383990==ABORTING
derobins added this to the 1.14.5 milestone on Apr 22, 2024
derobins added the labels Priority - 0. Blocker, Component - C Library, Type - Bug and UNCONFIRMED (new issues are unconfirmed until a maintainer can duplicate them) on Apr 22, 2024
bmribler added the Confirmed label and removed UNCONFIRMED on Apr 23, 2024
bmribler (Contributor) commented:
Note: segfault did not occur with h5dump

fortnern (Member) commented:
Should be fixed with #4477
