Open. MageWeiG opened this issue 2 weeks ago.
Which version of the library is this, how are you configuring and building the library, and how are you exercising the code? I don't see this problem via valgrind w/ gcc 13.2.0 when I run the file through the HDF5 command-line tools. It's looking for a custom VFD, though, and the errors I'm seeing are plugin search errors, not file parse errors, which is where we typically have problems with fuzzers.
This vulnerability was discovered while testing h5_read_fuzzer using OSS-Fuzz. According to the Dockerfile (https://github.com/google/oss-fuzz/blob/master/projects/hdf5/Dockerfile), it uses the latest code. Because the compiler is not specified in the build.sh file (https://github.com/google/oss-fuzz/blob/master/projects/hdf5/build.sh), I went into the Docker environment to check: the default compilation environment is 'CXX=clang++', 'CC=clang'. The harness file used is located at https://github.com/google/oss-fuzz/blob/master/projects/hdf5/h5_read_fuzzer.c . I just replicated it using the fuzzer and found that it triggers. Do you need any more information?
When I was testing h5_read_fuzzer with libFuzzer, I found a memory leak.
The cause of this vulnerability is that H5F__accum_write calls H5FL_blk_malloc to allocate memory, and after a series of operations, functions such as H5F_block_write and H5F__flush_phase2 do not release it successfully, resulting in the vulnerability.
with the following crash information:
The vulnerability trigger sample is attached. leak-6885bf9dd873fb75b3ef6bb2c03afbb2b0f0d6af.zip
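The report describes a buffer allocated on the write path and then not released by the flush path. The following is an added, constructed C model of that ownership pattern, written for this thread and not taken from HDF5: the type and function names (accum_t, accum_write, accum_flush, accum_close), the alloc/free counters and the failing "sink" are all hypothetical. It shows the invariant a leak checker (LeakSanitizer under libFuzzer, or valgrind) is enforcing: whoever allocates the accumulator buffer must free it on every exit path, including the one where the flush itself fails.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Outstanding tracked allocations. A leak checker reports exactly the
   buffers that are still counted here at shutdown. */
static int g_live_allocs = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) g_live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p) { g_live_allocs--; free(p); }
}

/* Stand-in for the storage layer. Can be told to fail so the error path
   of flush is exercised. (Constructed; not an HDF5 VFD.) */
static int g_sink_fail = 0;
static size_t g_sink_bytes = 0;

static int sink_write(const unsigned char *p, size_t n) {
    (void)p;
    if (g_sink_fail) return -1;
    g_sink_bytes += n;
    return 0;
}

/* Hypothetical write accumulator: one buffer, lazily allocated. */
typedef struct {
    unsigned char *buf;
    size_t size;
    size_t used;
    int dirty;
} accum_t;

/* Allocates the buffer on first use; the accumulator owns it from here on. */
int accum_write(accum_t *a, const unsigned char *data, size_t n) {
    if (!a->buf) {
        a->size = 64;
        a->buf = tracked_malloc(a->size);
        if (!a->buf) return -1;
        a->used = 0;
    }
    if (a->used + n > a->size) return -1;   /* model has no growth path */
    memcpy(a->buf + a->used, data, n);
    a->used += n;
    a->dirty = 1;
    return 0;
}

/* Writes out dirty bytes. On failure the buffer pointer is left intact so
   the caller (close) can still release it: a failed flush must not orphan it. */
int accum_flush(accum_t *a) {
    if (!a->dirty) return 0;
    if (sink_write(a->buf, a->used) < 0) return -1;
    a->dirty = 0;
    a->used = 0;
    return 0;
}

/* Flushes, then frees unconditionally. The flush status is propagated, but
   the release does not depend on it; this is the property a leak report
   on the flush path is telling you is missing. */
int accum_close(accum_t *a) {
    int rc = accum_flush(a);
    tracked_free(a->buf);
    a->buf = NULL;
    return rc;
}

int live_allocations(void) { return g_live_allocs; }

/* Scenario 1: write, then the flush fails during close.
   Returns 1 if close reported the failure AND nothing is left allocated. */
int scenario_flush_fails_no_leak(void) {
    accum_t a = {0};
    const unsigned char msg[] = "constructed payload";   /* sample input */
    g_sink_fail = 1;
    if (accum_write(&a, msg, sizeof msg) != 0) { g_sink_fail = 0; return 0; }
    int rc = accum_close(&a);
    g_sink_fail = 0;
    return rc != 0 && live_allocations() == 0;
}

/* Scenario 2: the happy path. Returns 1 if the bytes reached the sink and
   nothing is left allocated. */
int scenario_flush_ok(void) {
    accum_t a = {0};
    const unsigned char msg[] = "constructed payload";
    g_sink_bytes = 0;
    if (accum_write(&a, msg, sizeof msg) != 0) return 0;
    int rc = accum_close(&a);
    return rc == 0 && live_allocations() == 0 && g_sink_bytes == sizeof msg;
}

int main(void) {
    printf("flush-fails path leak-free: %d\n", scenario_flush_fails_no_leak());
    printf("flush-ok path leak-free:    %d\n", scenario_flush_ok());
    return 0;
}
```

Built with `clang -fsanitize=address -g`, ASan's LeakSanitizer prints nothing for this model because the counters balance; removing the `tracked_free` from `accum_close` on the error path reproduces the shape of the report above (allocation stack inside the write routine, no matching free after the failed flush), which is the signature to look for when triaging a libFuzzer leak report against a real code base.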