Segmentation fault in H5Oint.c

Open gabe-sherman opened this issue 1 year ago • 1 comments

A segmentation fault occurs in the below program when provided with a malformed input. This behavior occurs at line 1070 in H5Oint.c

#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <stdlib.h>
#include <hdf5.h>

int main(int argc, char *argv[])
{
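   hid_t v0 = H5Fopen(argv[1], H5F_ACC_RDONLY, H5P_DEFAULT); /* open the input file read-only */
   if (v0 == H5I_INVALID_HID) exit(1);
   H5G_info_t v1;         /* caller-allocated output struct */
   H5Gget_info(v0, &v1);  /* query group info for the file's root group */
   return 0;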
}

How to trigger

./filename poc

POC File

https://github.com/FuturesLab/POC/blob/main/hdf5/poc-08

Test Environment

Ubuntu 22.04, 64bit

Version

Latest: 0394b03f66dc45fe96e2c772b7bce293e4316ad2

Address Sanitizer Output

=================================================================
==1383990==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x555556fd85da bp 0x617000000508 sp 0x7fffffffd0a0 T0)
==1383990==The signal is caused by a READ memory access.
==1383990==Hint: address points to the zero page.
    #0 0x555556fd85da in H5O__assert /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Odbg.c:147:25
    #1 0x55555705391f in H5O_protect /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Oint.c:1071:5
    #2 0x5555570ad597 in H5O_msg_exists /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Omessage.c:787:23
    #3 0x555556ca3105 in H5G__open_oid /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Gint.c:526:62
    #4 0x555556ca3105 in H5G_open /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Gint.c:445:13
    #5 0x555556ced28a in H5G__obj_info /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Gobj.c:708:24
    #6 0x555557a299e4 in H5VL__native_group_get /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5VLnative_group.c:199:21
    #7 0x5555579a3a37 in H5VL__group_get /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5VLcallback.c:4557:9
    #8 0x5555579a31f8 in H5VL_group_get /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5VLcallback.c:4588:9
    #9 0x555556c82570 in H5G__get_info_api_common /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5G.c:565:9
    #10 0x555556c81d27 in H5Gget_info /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5G.c:589:9
    #11 0x5555566062e2 in main /home/gabesherman/harness_test/AutoHarn-Results/hdf5/autoharn-08/reproducer.c:12:4
    #12 0x7ffff7c29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #13 0x7ffff7c29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #14 0x555556548624 in _start (/home/gabesherman/harness_test/AutoHarn-Results/hdf5/autoharn-08/reproducer+0xff4624) (BuildId: bd2b74e8d3ce9459789d18c084b4467692ce2508)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/gabesherman/harness_test/AutoHarn-Evaluation/hdf5/lib_asan/src/H5Odbg.c:147:25 in H5O__assert
==1383990==ABORTING

gabe-sherman, Apr 21 '24 16:04
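
A triage sketch for the AddressSanitizer report above, added here as an example and not part of the original issue or the HDF5 project: it extracts the faulting frame, flags an access near address zero, and builds a bucket key from the top library frames so repeated fuzzing crashes can be deduplicated. The function name `triage`, the `H5` prefix filter, the depth of 3 and the 0x1000 null-page threshold are assumptions.

```python
import re

# Constructed sample: header and selected frames of the report above,
# with source paths shortened and frames #4-#10 omitted.
SAMPLE = """\
==1383990==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x555556fd85da bp 0x617000000508 sp 0x7fffffffd0a0 T0)
==1383990==The signal is caused by a READ memory access.
==1383990==Hint: address points to the zero page.
    #0 0x555556fd85da in H5O__assert /src/H5Odbg.c:147:25
    #1 0x55555705391f in H5O_protect /src/H5Oint.c:1071:5
    #2 0x5555570ad597 in H5O_msg_exists /src/H5Omessage.c:787:23
    #3 0x555556ca3105 in H5G__open_oid /src/H5Gint.c:526:62
    #11 0x5555566062e2 in main /work/reproducer.c:12:4
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
# Symbolized frame: "#N 0xPC in function path:line[:col]"
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$", re.M)


def triage(report, lib_prefix="H5", depth=3, null_page=0x1000):
    """Summarize an ASan SEGV report and derive a dedup bucket key."""
    head = HEADER.search(report)
    if head is None:
        raise ValueError("not an ASan SEGV report")
    access = ACCESS.search(report)
    # Keep (function, file basename, line) so build paths do not affect the result.
    frames = [(fn, path.rsplit("/", 1)[-1], int(line))
              for _, fn, path, line in FRAME.findall(report)]
    # Bucket on library frames only, so different harnesses hitting the
    # same library path land in the same bucket.
    lib = [f for f in frames if f[0].startswith(lib_prefix)]
    return {
        "kind": head.group(1),
        "access": access.group(1) if access else "UNKNOWN",
        "near_null": int(head.group(2), 16) < null_page,
        "fault": frames[0] if frames else None,
        "bucket": "|".join(fn for fn, _, _ in lib[:depth]),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```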

Note: segfault did not occur with h5dump

bmribler, Apr 23 '24 15:04

Should be fixed with #4477

fortnern, May 14 '24 17:05