File Make-sure-unused-attribute-entries-are-NULLed.patch of Package hdf5.28369

From: Egbert Eich <eich@suse.com>
Date: Thu Jun 6 13:12:42 2024 +0200
Subject: Make sure unused attribute entries are NULLed
Patch-mainline: Upstream
Git-repo: https://github.com/HDFGroup/hdf5
Git-commit: 82b775a44e3f9939d6e9d394de81b274e3d091c1
References: bsc#124158

The number of attribute entries are doubled on every size increase in
H5A__compact_build_table_cb(). However, every call adds just one attribute.
Before calling H5A__close() on each attribute, H5A__attr_release_table()
will check each attribute entry for non-NULL. This will only work if
unused entries have been NULLed properly.

Fix CVE-2024-32608

Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.de>
---
 src/H5Aint.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/H5Aint.c b/src/H5Aint.c
index 2e0ebbb38a..306805d624 100644
--- a/src/H5Aint.c
+++ b/src/H5Aint.c
@@ -1391,6 +1391,7 @@ H5A__compact_build_table_cb(H5O_t H5_ATTR_UNUSED *oh, H5O_mesg_t *mesg /*in,out*
     if (udata->curr_attr == udata->atable->nattrs) {
         H5A_t **new_table;      /* New table for attributes */
         size_t  new_table_size; /* Number of attributes in new table */
+	size_t  u;
 
         /* Allocate larger table */
         new_table_size = MAX(1, 2 * udata->atable->nattrs);
@@ -1400,6 +1401,8 @@ H5A__compact_build_table_cb(H5O_t H5_ATTR_UNUSED *oh, H5O_mesg_t *mesg /*in,out*
         /* Update table information in user data */
         udata->atable->attrs  = new_table;
         udata->atable->nattrs = new_table_size;
+	for (u = udata->curr_attr + 1; u < new_table_size; u++)
+	  udata->atable->attrs[u] = NULL;
     } /* end if */
 
     /* Copy attribute into table */
openSUSE Build Service is sponsored by