From fcefb0a2fe9ee6ed00be4c619287750e796df02b Mon Sep 17 00:00:00 2001 From: aled-ua Date: Tue, 24 Dec 2024 07:51:50 +0000 Subject: [PATCH] Fix vuln OSV-2024-390 --- src/H5Ocache.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/H5Ocache.c b/src/H5Ocache.c index a5bf35aa7ba..8d06f282077 100644 --- a/src/H5Ocache.c +++ b/src/H5Ocache.c @@ -781,6 +781,10 @@ H5O__cache_chk_serialize(const H5F_t *f, void *image, size_t len, void *_thing) /* copy the chunk into the image -- this is potentially expensive. * Can we rework things so that the chunk and the cache share a buffer? */ + /* Ensure len does not exceed the size of the source buffer */ + if (len > chk_proxy->oh->chunk[chk_proxy->chunkno].size) + HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, FAIL, "buffer overflow detected"); + H5MM_memcpy(image, chk_proxy->oh->chunk[chk_proxy->chunkno].image, len); done: