octave-bug-tracker

[Octave-bug-tracker] [bug #60081] loading bad hdf file corrupts memory;


From: Dmitri A. Sergatskov
Subject: [Octave-bug-tracker] [bug #60081] loading bad hdf file corrupts memory; segfault at exit
Date: Sun, 21 Feb 2021 11:17:47 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Follow-up Comment #6, bug #60081 (project octave):

I confirm that I do not get the crash with this patch on a "normal" binary. With
ASan I still get "heap-buffer-overflow" at what looks to me

#2 0x7fa6bfaddf25 in hdf5_read_next_data_internal
../libinterp/corefcn/ls-hdf5.cc:746


octave:1> load("test_matlab_h5write_bad.hdf5")
=================================================================
==2362753==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x602000213817 at pc 0x7fa6c14fb19d bp 0x7fa6878ec9f0 sp 0x7fa6878ec198
READ of size 8 at 0x602000213817 thread T6 (QThread)
    #0 0x7fa6c14fb19c  (/lib64/libasan.so.5+0xad19c)
    #1 0x7fa6b3eab0da in std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >::basic_string(char const*,
std::allocator<char> const&) (/lib64/libstdc++.so.6+0x1300da)
    #2 0x7fa6bfaddf25 in hdf5_read_next_data_internal
../libinterp/corefcn/ls-hdf5.cc:746
    #3 0x7fa6b9e29375  (/lib64/libhdf5.so.103+0x134375)
    #4 0x7fa6b9e30924 in H5G__node_iterate (/lib64/libhdf5.so.103+0x13b924)
    #5 0x7fa6b9d62998  (/lib64/libhdf5.so.103+0x6d998)
    #6 0x7fa6b9d63e5a in H5B_iterate (/lib64/libhdf5.so.103+0x6ee5a)
    #7 0x7fa6b9e36a4b in H5G__stab_iterate (/lib64/libhdf5.so.103+0x141a4b)
    #8 0x7fa6b9e33501 in H5G__obj_iterate (/lib64/libhdf5.so.103+0x13e501)
    #9 0x7fa6b9e2a641 in H5G_iterate (/lib64/libhdf5.so.103+0x135641)
    #10 0x7fa6b9e26d97 in H5Giterate (/lib64/libhdf5.so.103+0x131d97)
    #11 0x7fa6bfae0777 in read_hdf5_data(std::istream&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, bool&, octave_value&, std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> >&, string_vector const&, int,
int) ../libinterp/corefcn/ls-hdf5.cc:1133
    #12 0x7fa6bfab7cc3 in octave::load_save_system::load_vars(std::istream&,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>
> const&, octave::load_save_format const&, octave::mach_info::float_format,
bool, bool, bool, string_vector const&, int, int, int)
../libinterp/corefcn/load-save.cc:425
    #13 0x7fa6bfac4042 in octave::load_save_system::load(octave_value_list
const&, int) ../libinterp/corefcn/load-save.cc:1301
    #14 0x7fa6bfac71b9 in Fload(octave::interpreter&, octave_value_list
const&, int) ../libinterp/corefcn/load-save.cc:1658
<...deleted...>


Dmitri.
-- 


    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?60081>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
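
Frame #1 of the trace above is the std::string(const char*) constructor, which scans forward until it finds a NUL byte. The following is an added example, not code from Octave or from this message, contrasting that constructor with a bounded conversion. It assumes the buffer passed at ls-hdf5.cc:746 lacked a terminator, which the page does not show; all function names are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Constructed stand-in for a fixed-length string field read from a file:
// exactly `len` bytes on the heap, with no guarantee of a terminating NUL.
std::vector<char> read_fixed_field(const char *bytes, std::size_t len) {
    return std::vector<char>(bytes, bytes + len);
}

// Unbounded pattern, shown for contrast and never called here:
// std::string(const char*) runs strlen(), so it keeps reading until it
// meets a NUL, which may lie past the end of the heap allocation.
std::string to_string_unbounded(const std::vector<char> &buf) {
    return std::string(buf.data());
}

// Bounded form: stop at the first NUL inside the buffer, or at its end,
// so the read never leaves the allocation.
std::string to_string_bounded(const std::vector<char> &buf) {
    auto end = std::find(buf.begin(), buf.end(), '\0');
    return std::string(buf.begin(), end);
}

int main() {
    // 7 bytes with no terminator: the bounded form yields exactly those bytes.
    std::vector<char> raw = read_fixed_field("complex", 7);
    std::string s = to_string_bounded(raw);

    // NUL-padded field: the padding is dropped.
    std::vector<char> padded = read_fixed_field("cell\0\0\0", 7);
    std::string t = to_string_bounded(padded);

    return (s == "complex" && t == "cell") ? 0 : 1;
}
```

Building a reader with -fsanitize=address, as in the report above, is what surfaces the unbounded pattern even when a "normal" binary does not crash.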



