helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

hdf5: patch CVE-2025-2924

Browse Source 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-2924

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Ankur Tyagi 2025-10-10 11:59:29 +13:00 committed by Gyorgy Sarvari
parent 01238545d8
commit f0cdeee918
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
meta-oe/recipes-support/hdf5/files/0002-CVE-2025-2924.patch Normal file
View File

@ -0,0 +1,39 @@
From 3a6f6c1f57c09281d4a9d11a1ae809fd21b666dd Mon Sep 17 00:00:00 2001
From: Glenn Song <43005495+glennsong09@users.noreply.github.com>
Date: Mon, 15 Sep 2025 07:56:54 -0500
Subject: [PATCH] CVE-2025-2924
Fixes heap-based buffer overflow in H5HL__fl_deserialize by adding an overflow check.
CVE: CVE-2025-2924
Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/0a57195ca67d278f1cf7d01566c121048e337a59]
(cherry picked from commit 0a57195ca67d278f1cf7d01566c121048e337a59)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
src/H5HLcache.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/H5HLcache.c b/src/H5HLcache.c
index d0836fe..7f412d2 100644
--- a/src/H5HLcache.c
+++ b/src/H5HLcache.c
@@ -225,6 +225,7 @@ H5HL__fl_deserialize(H5HL_t *heap)
/* check arguments */
assert(heap);
assert(!heap->freelist);
+ HDcompile_assert(sizeof(hsize_t) == sizeof(uint64_t));
/* Build free list */
free_block = heap->free_block;
@@ -232,6 +233,10 @@ H5HL__fl_deserialize(H5HL_t *heap)
const uint8_t *image; /* Pointer into image buffer */
/* Sanity check */
+
+ if (free_block > UINT64_MAX - (2 * heap->sizeof_size))
+ HGOTO_ERROR(H5E_HEAP, H5E_BADRANGE, FAIL, "decoded heap block address overflow");
+
if ((free_block + (2 * heap->sizeof_size)) > heap->dblk_size)
HGOTO_ERROR(H5E_HEAP, H5E_BADRANGE, FAIL, "bad heap free list");

1
meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
View File

@ -16,6 +16,7 @@ SRC_URI = " \
file://0002-Remove-suffix-shared-from-shared-library-name.patch \
file://0001-cmake-remove-build-flags.patch \
file://0001-CVE-2025-2923.patch \
file://0002-CVE-2025-2924.patch \
"
SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03"