h5dump crashes when reading malformed files #5193

nhz2 · 2024-12-30T04:20:06Z

h5dump crashes when reading the following malformed files:

$ ./h5dump ~/t7.txt
h5dump error: internal error (file /home/nathan/github/hdf5/tools/src/h5dump/h5dump.c:line 1515)

t20.txt

$ ./h5dump ~/t20.txt
HDF5 "/home/nathan/t20.txt" {
GROUP "/" {
   DATASET "test-data" {
      DATATYPE  H5T_STD_U8LE
      DATASPACE  SIMPLE { ( 1002330 ) / ( 1002330 ) }
=================================================================
==7478==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f196b2fe91b at pc 0x5626ec052db7 bp 0x7ffd7f64e1d0 sp 0x7ffd7f64d9a0
READ of size 1002330 at 0x7f196b2fe91b thread T0
    #0 0x5626ec052db6 in __asan_memcpy (/home/nathan/github/hdf5/build/bin/h5dump+0xb5db6) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #1 0x7f196f503f8a in H5VM_memcpyvv (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1e38f8a) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #2 0x7f196df7c834 in H5D__compact_readvv H5Dcompact.c
    #3 0x7f196e0735e2 in H5D__select_io H5Dselect.c
    #4 0x7f196e070f01 in H5D__select_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x9a5f01) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #5 0x7f196df0ca82 in H5D__chunk_read H5Dchunk.c
    #6 0x7f196e0341cc in H5D__read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x9691cc) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #7 0x7f196f4b4cbf in H5VL__native_dataset_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1de9cbf) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #8 0x7f196f4010dd in H5VL__dataset_read H5VLcallback.c
    #9 0x7f196f40040e in H5VL_dataset_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1d3540e) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #10 0x7f196deb1060 in H5D__read_api_common H5D.c
    #11 0x7f196deaf79f in H5Dread (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x7e479f) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #12 0x7f196fccf678 in h5tools_dump_simple_dset h5tools_dump.c
    #13 0x7f196fccd0e7 in h5tools_dump_dset (/home/nathan/github/hdf5/build/bin/libhdf5_tools.so.1000+0xce0e7) (BuildId: be547e283a88342c3d030eb6003e2ad85ab9aaf4)
    #14 0x7f196fcc1595 in h5tools_dump_data (/home/nathan/github/hdf5/build/bin/libhdf5_tools.so.1000+0xc2595) (BuildId: be547e283a88342c3d030eb6003e2ad85ab9aaf4)
    #15 0x5626ec0a3ee5 in dump_dataset (/home/nathan/github/hdf5/build/bin/h5dump+0x106ee5) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #16 0x5626ec09ce6e in dump_all_cb h5dump_ddl.c
    #17 0x7f196e4a3e30 in H5G__iterate_cb H5Gint.c
    #18 0x7f196e4b3c43 in H5G__link_iterate_table (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xde8c43) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #19 0x7f196e45d854 in H5G__compact_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xd92854) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #20 0x7f196e4f14e8 in H5G__obj_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xe264e8) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #21 0x7f196e4a2b8e in H5G_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xdd7b8e) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #22 0x7f196e71422d in H5L_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x104922d) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #23 0x7f196f4d63f3 in H5VL__native_link_specific (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1e0b3f3) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #24 0x7f196f43db38 in H5VL__link_specific H5VLcallback.c
    #25 0x7f196f43cf45 in H5VL_link_specific (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1d71f45) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #26 0x7f196e6e4a9c in H5L__iterate_api_common H5L.c
    #27 0x7f196e6e384c in H5Literate2 (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x101884c) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #28 0x5626ec09ac7d in link_iteration (/home/nathan/github/hdf5/build/bin/h5dump+0xfdc7d) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #29 0x5626ec0a1df5 in dump_group (/home/nathan/github/hdf5/build/bin/h5dump+0x104df5) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #30 0x5626ec0905ce in main (/home/nathan/github/hdf5/build/bin/h5dump+0xf35ce) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #31 0x7f196d3bad8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #32 0x7f196d3bae3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #33 0x5626ebfd0c44 in _start (/home/nathan/github/hdf5/build/bin/h5dump+0x33c44) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)

0x7f196b2fe91b is located 0 bytes to the right of 581915-byte region [0x7f196b270800,0x7f196b2fe91b)
allocated by thread T0 here:
    #0 0x5626ec053a8e in __interceptor_malloc (/home/nathan/github/hdf5/build/bin/h5dump+0xb6a8e) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #1 0x7f196f561828 in H5Z__filter_shuffle H5Zshuffle.c
    #2 0x7f196f51af1a in H5Z_pipeline (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1e4ff1a) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #3 0x7f196df3c79f in H5D__chunk_lock H5Dchunk.c
    #4 0x7f196df0c4e5 in H5D__chunk_read H5Dchunk.c
    #5 0x7f196e0341cc in H5D__read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x9691cc) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #6 0x7f196f4b4cbf in H5VL__native_dataset_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1de9cbf) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #7 0x7f196f4010dd in H5VL__dataset_read H5VLcallback.c
    #8 0x7f196f40040e in H5VL_dataset_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1d3540e) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #9 0x7f196deb1060 in H5D__read_api_common H5D.c
    #10 0x7f196deaf79f in H5Dread (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x7e479f) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #11 0x7f196fccf678 in h5tools_dump_simple_dset h5tools_dump.c
    #12 0x7f196fccd0e7 in h5tools_dump_dset (/home/nathan/github/hdf5/build/bin/libhdf5_tools.so.1000+0xce0e7) (BuildId: be547e283a88342c3d030eb6003e2ad85ab9aaf4)
    #13 0x7f196fcc1595 in h5tools_dump_data (/home/nathan/github/hdf5/build/bin/libhdf5_tools.so.1000+0xc2595) (BuildId: be547e283a88342c3d030eb6003e2ad85ab9aaf4)
    #14 0x5626ec0a3ee5 in dump_dataset (/home/nathan/github/hdf5/build/bin/h5dump+0x106ee5) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #15 0x5626ec09ce6e in dump_all_cb h5dump_ddl.c
    #16 0x7f196e4a3e30 in H5G__iterate_cb H5Gint.c
    #17 0x7f196e4b3c43 in H5G__link_iterate_table (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xde8c43) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #18 0x7f196e45d854 in H5G__compact_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xd92854) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #19 0x7f196e4f14e8 in H5G__obj_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xe264e8) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #20 0x7f196e4a2b8e in H5G_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xdd7b8e) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #21 0x7f196e71422d in H5L_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x104922d) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #22 0x7f196f4d63f3 in H5VL__native_link_specific (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1e0b3f3) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #23 0x7f196f43db38 in H5VL__link_specific H5VLcallback.c
    #24 0x7f196f43cf45 in H5VL_link_specific (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1d71f45) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #25 0x7f196e6e4a9c in H5L__iterate_api_common H5L.c
    #26 0x7f196e6e384c in H5Literate2 (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x101884c) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #27 0x5626ec09ac7d in link_iteration (/home/nathan/github/hdf5/build/bin/h5dump+0xfdc7d) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #28 0x5626ec0a1df5 in dump_group (/home/nathan/github/hdf5/build/bin/h5dump+0x104df5) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #29 0x5626ec0905ce in main (/home/nathan/github/hdf5/build/bin/h5dump+0xf35ce) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/nathan/github/hdf5/build/bin/h5dump+0xb5db6) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828) in __asan_memcpy
Shadow bytes around the buggy address:
  0x0fe3ad657cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3ad657ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3ad657cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3ad657d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe3ad657d10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fe3ad657d20: 00 00 00[03]fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe3ad657d30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe3ad657d40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe3ad657d50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe3ad657d60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0fe3ad657d70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==7478==ABORTING

t21.txt

$ ./h5dump ~/t21.txt
HDF5 "/home/nathan/t21.txt" {
GROUP "/" {
   DATASET "test-data" {
      DATATYPE  H5T_STD_U8LE
      DATASPACE  SIMPLE { ( 1 ) / ( 1 ) }
=================================================================
==7540==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000042ed at pc 0x7fbe683eb76e bp 0x7ffe6e602ad0 sp 0x7ffe6e602ac8
READ of size 1 at 0x6020000042ed thread T0
    #0 0x7fbe683eb76d in H5Z__filter_fletcher32 H5Zfletcher32.c
    #1 0x7fbe683e3f1a in H5Z_pipeline (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1e4ff1a) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #2 0x7fbe66e0579f in H5D__chunk_lock H5Dchunk.c
    #3 0x7fbe66dd54e5 in H5D__chunk_read H5Dchunk.c
    #4 0x7fbe66efd1cc in H5D__read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x9691cc) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #5 0x7fbe6837dcbf in H5VL__native_dataset_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1de9cbf) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #6 0x7fbe682ca0dd in H5VL__dataset_read H5VLcallback.c
    #7 0x7fbe682c940e in H5VL_dataset_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1d3540e) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #8 0x7fbe66d7a060 in H5D__read_api_common H5D.c
    #9 0x7fbe66d7879f in H5Dread (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x7e479f) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #10 0x7fbe68b98678 in h5tools_dump_simple_dset h5tools_dump.c
    #11 0x7fbe68b960e7 in h5tools_dump_dset (/home/nathan/github/hdf5/build/bin/libhdf5_tools.so.1000+0xce0e7) (BuildId: be547e283a88342c3d030eb6003e2ad85ab9aaf4)
    #12 0x7fbe68b8a595 in h5tools_dump_data (/home/nathan/github/hdf5/build/bin/libhdf5_tools.so.1000+0xc2595) (BuildId: be547e283a88342c3d030eb6003e2ad85ab9aaf4)
    #13 0x55b77836aee5 in dump_dataset (/home/nathan/github/hdf5/build/bin/h5dump+0x106ee5) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #14 0x55b778363e6e in dump_all_cb h5dump_ddl.c
    #15 0x7fbe6736ce30 in H5G__iterate_cb H5Gint.c
    #16 0x7fbe6737cc43 in H5G__link_iterate_table (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xde8c43) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #17 0x7fbe67326854 in H5G__compact_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xd92854) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #18 0x7fbe673ba4e8 in H5G__obj_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xe264e8) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #19 0x7fbe6736bb8e in H5G_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xdd7b8e) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #20 0x7fbe675dd22d in H5L_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x104922d) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #21 0x7fbe6839f3f3 in H5VL__native_link_specific (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1e0b3f3) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #22 0x7fbe68306b38 in H5VL__link_specific H5VLcallback.c
    #23 0x7fbe68305f45 in H5VL_link_specific (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1d71f45) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #24 0x7fbe675ada9c in H5L__iterate_api_common H5L.c
    #25 0x7fbe675ac84c in H5Literate2 (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x101884c) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #26 0x55b778361c7d in link_iteration (/home/nathan/github/hdf5/build/bin/h5dump+0xfdc7d) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #27 0x55b778368df5 in dump_group (/home/nathan/github/hdf5/build/bin/h5dump+0x104df5) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #28 0x55b7783575ce in main (/home/nathan/github/hdf5/build/bin/h5dump+0xf35ce) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #29 0x7fbe66283d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #30 0x7fbe66283e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #31 0x55b778297c44 in _start (/home/nathan/github/hdf5/build/bin/h5dump+0x33c44) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)

0x6020000042ed is located 3 bytes to the left of 1-byte region [0x6020000042f0,0x6020000042f1)
allocated by thread T0 here:
    #0 0x55b77831aa8e in __interceptor_malloc (/home/nathan/github/hdf5/build/bin/h5dump+0xb6a8e) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #1 0x7fbe66dedbaf in H5D__chunk_mem_alloc (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x859baf) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #2 0x7fbe66e0515e in H5D__chunk_lock H5Dchunk.c
    #3 0x7fbe66dd54e5 in H5D__chunk_read H5Dchunk.c
    #4 0x7fbe66efd1cc in H5D__read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x9691cc) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #5 0x7fbe6837dcbf in H5VL__native_dataset_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1de9cbf) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #6 0x7fbe682ca0dd in H5VL__dataset_read H5VLcallback.c
    #7 0x7fbe682c940e in H5VL_dataset_read (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1d3540e) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #8 0x7fbe66d7a060 in H5D__read_api_common H5D.c
    #9 0x7fbe66d7879f in H5Dread (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x7e479f) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #10 0x7fbe68b98678 in h5tools_dump_simple_dset h5tools_dump.c
    #11 0x7fbe68b960e7 in h5tools_dump_dset (/home/nathan/github/hdf5/build/bin/libhdf5_tools.so.1000+0xce0e7) (BuildId: be547e283a88342c3d030eb6003e2ad85ab9aaf4)
    #12 0x7fbe68b8a595 in h5tools_dump_data (/home/nathan/github/hdf5/build/bin/libhdf5_tools.so.1000+0xc2595) (BuildId: be547e283a88342c3d030eb6003e2ad85ab9aaf4)
    #13 0x55b77836aee5 in dump_dataset (/home/nathan/github/hdf5/build/bin/h5dump+0x106ee5) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #14 0x55b778363e6e in dump_all_cb h5dump_ddl.c
    #15 0x7fbe6736ce30 in H5G__iterate_cb H5Gint.c
    #16 0x7fbe6737cc43 in H5G__link_iterate_table (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xde8c43) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #17 0x7fbe67326854 in H5G__compact_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xd92854) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #18 0x7fbe673ba4e8 in H5G__obj_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xe264e8) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #19 0x7fbe6736bb8e in H5G_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0xdd7b8e) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #20 0x7fbe675dd22d in H5L_iterate (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x104922d) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #21 0x7fbe6839f3f3 in H5VL__native_link_specific (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1e0b3f3) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #22 0x7fbe68306b38 in H5VL__link_specific H5VLcallback.c
    #23 0x7fbe68305f45 in H5VL_link_specific (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x1d71f45) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #24 0x7fbe675ada9c in H5L__iterate_api_common H5L.c
    #25 0x7fbe675ac84c in H5Literate2 (/home/nathan/github/hdf5/build/bin/libhdf5.so.1000+0x101884c) (BuildId: ac1fbe9c7768d27a51f604c3f05be45b319a8ad7)
    #26 0x55b778361c7d in link_iteration (/home/nathan/github/hdf5/build/bin/h5dump+0xfdc7d) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #27 0x55b778368df5 in dump_group (/home/nathan/github/hdf5/build/bin/h5dump+0x104df5) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #28 0x55b7783575ce in main (/home/nathan/github/hdf5/build/bin/h5dump+0xf35ce) (BuildId: 4ff92347be593c988fdb048fa7435d9c0a78c828)
    #29 0x7fbe66283d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)

SUMMARY: AddressSanitizer: heap-buffer-overflow H5Zfletcher32.c in H5Z__filter_fletcher32
Shadow bytes around the buggy address:
  0x0c047fff8800: fa fa 00 fa fa fa 04 fa fa fa 00 fa fa fa 00 fa
  0x0c047fff8810: fa fa 00 fa fa fa fd fa fa fa 00 00 fa fa 00 fa
  0x0c047fff8820: fa fa 00 00 fa fa 00 fa fa fa 00 00 fa fa 00 00
  0x0c047fff8830: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c047fff8840: fa fa 01 fa fa fa 00 00 fa fa 00 00 fa fa 00 00
=>0x0c047fff8850: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa[fa]01 fa
  0x0c047fff8860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8890: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff88a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==7540==ABORTING

Platform (please complete the following information)

HDF5 version: commit 613af26
OS and version: Ubuntu 22.04.5 LTS on Windows 10 x86_64
I built hdf5 with

mkdir build && cd build
cmake ../ -DCMAKE_C_COMPILER=clang  -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address"
make -j17

Additional context
Originally from JuliaIO/HDF5.jl#1184

The text was updated successfully, but these errors were encountered:

mkitti mentioned this issue Dec 30, 2024

Segfault when reading a file with a bad checksum JuliaIO/HDF5.jl#1184

Closed

vchoi-hdfgroup assigned byrnHDF Dec 30, 2024

vchoi-hdfgroup added Component - Tools Command-line tools like h5dump, includes high-level tools Priority - 2. Medium ⏹ It would be nice to have this in the next release labels Dec 30, 2024

vchoi-hdfgroup assigned bmribler and unassigned byrnHDF Dec 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

h5dump crashes when reading malformed files #5193

h5dump crashes when reading malformed files #5193

nhz2 commented Dec 30, 2024

h5dump crashes when reading malformed files #5193

h5dump crashes when reading malformed files #5193

Comments

nhz2 commented Dec 30, 2024