From ff56cbcad6ff3543ebf536f8e5004a6c08ddeed8 Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Tue, 24 Dec 2024 07:46:41 +0000
Subject: [PATCH 1/6] Fix vuln OSV-2024-381
---
 src/H5Faccum.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/H5Faccum.c b/src/H5Faccum.c
index 4d713576ca6..b97e6d17095 100644
--- a/src/H5Faccum.c
+++ b/src/H5Faccum.c
@@ -881,6 +881,11 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
 H5_CHECKED_ASSIGN(overlap_size, size_t, (addr + size) - accum->loc, haddr_t);
 new_accum_size = accum->size - overlap_size;
+ /* Ensure overlap_size and new_accum_size are within bounds */
+ if (overlap_size > accum->alloc_size || new_accum_size > accum->alloc_size) {
+ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "calculated sizes exceed allocated buffer size");
+ }
+
 /* Move the accumulator buffer information to eliminate the freed block */
 memmove(accum->buf, accum->buf + overlap_size, new_accum_size);
From 826a425cfc4034bb576b5128196eace952cd9749 Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 24 Dec 2024 07:48:05 +0000
Subject: [PATCH 2/6] Committing clang-format changes
---
 src/H5Faccum.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/H5Faccum.c b/src/H5Faccum.c
index b97e6d17095..17de72dce57 100644
--- a/src/H5Faccum.c
+++ b/src/H5Faccum.c
@@ -883,7 +883,8 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
 /* Ensure overlap_size and new_accum_size are within bounds */
 if (overlap_size > accum->alloc_size || new_accum_size > accum->alloc_size) {
- HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "calculated sizes exceed allocated buffer size");
+ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL,
+ "calculated sizes exceed allocated buffer size");
 }
 /* Move the accumulator buffer information to eliminate the freed block */
From d0ae12151059159ffb1871ced8148a8fe53a6306 Mon Sep 17 00:00:00 2001
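Review bot: In PATCH 1/6 the guard sits after `new_accum_size = accum->size - overlap_size;`, so when `overlap_size` is larger than `accum->size` the subtraction has already wrapped (both look like unsigned sizes; their declarations are outside the hunk) and the check only catches it because the wrapped value is huge. Comparing against `accum->alloc_size` also does not state the condition the memmove needs, which is that the overlap fits inside the valid data. I would move the test above the subtraction and write it as `if (overlap_size > accum->size)`, assuming `accum->size` never exceeds `accum->alloc_size` elsewhere in the file. The series changes only src/H5Faccum.c, so a regression test for the OSV-2024-381 input is still missing. H5F__accum_free starts and ends outside the hunk.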
From: aled-ua
Date: Thu, 9 Jan 2025 10:33:02 +0800
Subject: [PATCH 3/6] use H5_IS_BUFFER_OVERFLOW to check overflow
---
 src/H5Faccum.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/H5Faccum.c b/src/H5Faccum.c
index 17de72dce57..7f7e33bc3f2 100644
--- a/src/H5Faccum.c
+++ b/src/H5Faccum.c
@@ -881,10 +881,10 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
 H5_CHECKED_ASSIGN(overlap_size, size_t, (addr + size) - accum->loc, haddr_t);
 new_accum_size = accum->size - overlap_size;
- /* Ensure overlap_size and new_accum_size are within bounds */
- if (overlap_size > accum->alloc_size || new_accum_size > accum->alloc_size) {
- HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL,
- "calculated sizes exceed allocated buffer size");
+ /* Ensure that the memmove operation won't overflow past the buffer's allocated size */
+ if (H5_IS_BUFFER_OVERFLOW(accum->buf + overlap_size, new_accum_size, accum->buf + accum->alloc_size)) {
+ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL,
+ "memmove operation would overflow buffer");
 }
 /* Move the accumulator buffer information to eliminate the freed block */
From 7289b2513b408e943c4d6e713fa941a3750ff25e Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Thu, 9 Jan 2025 10:56:39 +0800
Subject: [PATCH 4/6] Fix format err
---
 src/H5Faccum.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/H5Faccum.c b/src/H5Faccum.c
index 7f7e33bc3f2..6942bf32f49 100644
--- a/src/H5Faccum.c
+++ b/src/H5Faccum.c
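Review bot: In PATCH 3/6 the first macro argument `accum->buf + overlap_size` is computed before anything has shown that `overlap_size` lies inside the allocation, so for exactly the input this guard is meant to reject, the pointer arithmetic itself leaves the buffer, which C does not define. The integer comparison it replaces did not have that problem. Putting a size test in front, `if (overlap_size > accum->alloc_size || H5_IS_BUFFER_OVERFLOW(...))`, keeps the pointer from being formed for an out-of-range offset, since the right-hand side is then only evaluated for offsets inside the allocation. The same argument expression is carried unchanged through PATCH 4/6 and PATCH 6/6. The enclosing function starts and ends outside the hunk.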
@@ -882,10 +882,9 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
 new_accum_size = accum->size - overlap_size;
 /* Ensure that the memmove operation won't overflow past the buffer's allocated size */
- if (H5_IS_BUFFER_OVERFLOW(accum->buf + overlap_size, new_accum_size, accum->buf + accum->alloc_size)) {
- HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL,
- "memmove operation would overflow buffer");
- }
+ if (H5_IS_BUFFER_OVERFLOW(accum->buf + overlap_size, new_accum_size,
+ accum->buf + accum->alloc_size)) {
+ HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "memmove operation would overflow buffer");
 /* Move the accumulator buffer information to eliminate the freed block */
 memmove(accum->buf, accum->buf + overlap_size, new_accum_size);
From 0d7b9d68ef359bd50080eb2806f0bb962ac67b75 Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Thu, 9 Jan 2025 11:01:22 +0800
Subject: [PATCH 5/6] Fix typo err
---
 src/H5Faccum.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/H5Faccum.c b/src/H5Faccum.c
index 6942bf32f49..add9fd33f81 100644
--- a/src/H5Faccum.c
+++ b/src/H5Faccum.c
@@ -885,7 +885,7 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
 if (H5_IS_BUFFER_OVERFLOW(accum->buf + overlap_size, new_accum_size,
 accum->buf + accum->alloc_size)) {
 HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "memmove operation would overflow buffer");
-
+ }
 /* Move the accumulator buffer information to eliminate the freed block */
 memmove(accum->buf, accum->buf + overlap_size, new_accum_size);
From 634e0960a567394c82100c6faf3d97b691d49f99 Mon Sep 17 00:00:00 2001
From: aled-ua
Date: Wed, 15 Jan 2025 20:38:07 +0800
Subject: [PATCH 6/6] Fix the last valid byte in buf
---
 src/H5Faccum.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/H5Faccum.c b/src/H5Faccum.c
index add9fd33f81..b45bce869bf 100644
--- a/src/H5Faccum.c
+++ b/src/H5Faccum.c
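Review bot: PATCH 4/6 removes the `}` that closed the `if` block and does not add it back, so after this commit the `HGOTO_ERROR` branch is left open and src/H5Faccum.c presumably no longer compiles until PATCH 5/6 restores the brace. A formatting-only commit should leave the token stream unchanged; squashing 4/6 and 5/6 would keep every commit in the series buildable for bisection. PATCH 5/6 also puts the `}` in place of the blank line that separated the check from the `/* Move the accumulator buffer information ... */` comment, so that blank line is worth restoring.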
@@ -883,7 +883,7 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
 /* Ensure that the memmove operation won't overflow past the buffer's allocated size */
 if (H5_IS_BUFFER_OVERFLOW(accum->buf + overlap_size, new_accum_size,
- accum->buf + accum->alloc_size)) {
+ accum->buf + accum->alloc_size - 1)) {
 HGOTO_ERROR(H5E_ARGS, H5E_BADVALUE, FAIL, "memmove operation would overflow buffer");
 }
 /* Move the accumulator buffer information to eliminate the freed block */
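Review bot: The `- 1` added in PATCH 6/6 is not explained where it is used, and the comment above the check still only speaks of the buffer's allocated size. Going by the commit subject, the third argument of `H5_IS_BUFFER_OVERFLOW` is meant to be the address of the last valid byte; a short comment such as `/* third argument is the last valid byte of accum->buf, hence the - 1 */` would stop a later reader from changing it back. If `accum->alloc_size` can be zero on this path (not visible in the hunk), `accum->buf + accum->alloc_size - 1` points before the buffer, so that case deserves a check or a stated precondition. The enclosing function starts and ends outside the hunk.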