Skip to content

Commit 106c848

Browse files
markcmiller86markcmiller86
committed
* fix potential buffer overrun in dims_used array
* fix use of ndims_used instead of ndims in ZFP header setup
1 parent f620f30 commit 106c848

File tree

1 file changed

+13
-11
lines changed

1 file changed

+13
-11
lines changed

src/H5Zzfp.c

Lines changed: 13 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -218,7 +218,7 @@ H5Z_zfp_set_local(hid_t dcpl_id, hid_t type_id, hid_t chunk_space_id)
218218
unsigned int hdr_cd_values[H5Z_ZFP_CD_NELMTS_MAX];
219219
unsigned int flags = 0;
220220
herr_t retval = 0;
221-
hsize_t dims[H5S_MAX_RANK], dims_used[3];
221+
hsize_t dims[H5S_MAX_RANK], dims_used[H5S_MAX_RANK];
222222
H5T_class_t dclass;
223223
zfp_type zt;
224224
zfp_field *dummy_field = 0;
@@ -238,13 +238,6 @@ H5Z_zfp_set_local(hid_t dcpl_id, hid_t type_id, hid_t chunk_space_id)
238238
if (0 > (ndims = H5Sget_simple_extent_dims(chunk_space_id, dims, 0)))
239239
H5Z_ZFP_PUSH_AND_GOTO(H5E_ARGS, H5E_BADTYPE, -1, "not a data space");
240240

241-
for (i = 0; i < ndims; i++)
242-
{
243-
if (dims[i] <= 1) continue;
244-
dims_used[ndims_used] = dims[i];
245-
ndims_used++;
246-
}
247-
248241
/* setup zfp data type for meta header */
249242
if (dclass == H5T_FLOAT)
250243
{
@@ -260,14 +253,22 @@ H5Z_zfp_set_local(hid_t dcpl_id, hid_t type_id, hid_t chunk_space_id)
260253
"datatype class must be H5T_FLOAT or H5T_INTEGER");
261254
}
262255

256+
/* computed used (e.g. non-unity) dimensions in chunk */
257+
for (i = 0; i < ndims; i++)
258+
{
259+
if (dims[i] <= 1) continue;
260+
dims_used[ndims_used] = dims[i];
261+
ndims_used++;
262+
}
263+
263264
/* set up dummy zfp field to compute meta header */
264265
switch (ndims_used)
265266
{
266267
case 1: dummy_field = Z zfp_field_1d(0, zt, dims_used[0]); break;
267268
case 2: dummy_field = Z zfp_field_2d(0, zt, dims_used[1], dims_used[0]); break;
268269
case 3: dummy_field = Z zfp_field_3d(0, zt, dims_used[2], dims_used[1], dims_used[0]); break;
269270
default: H5Z_ZFP_PUSH_AND_GOTO(H5E_PLINE, H5E_BADVALUE, 0,
270-
"requires chunks w/1,2 or 3 non-unity dims");
271+
"chunks may have only 1,2 or 3 non-unity dims");
271272
}
272273
if (!dummy_field)
273274
H5Z_ZFP_PUSH_AND_GOTO(H5E_RESOURCE, H5E_NOSPACE, 0, "zfp_field_Xd() failed");
@@ -308,7 +309,7 @@ H5Z_zfp_set_local(hid_t dcpl_id, hid_t type_id, hid_t chunk_space_id)
308309
switch (ctrls.mode)
309310
{
310311
case H5Z_ZFP_MODE_RATE:
311-
Z zfp_stream_set_rate(dummy_zstr, ctrls.details.rate, zt, ndims, 0);
312+
Z zfp_stream_set_rate(dummy_zstr, ctrls.details.rate, zt, ndims_used, 0);
312313
break;
313314
case H5Z_ZFP_MODE_PRECISION:
314315
#if ZFP_VERSION_NO < 0x0051
@@ -338,7 +339,7 @@ H5Z_zfp_set_local(hid_t dcpl_id, hid_t type_id, hid_t chunk_space_id)
338339
switch (mem_cd_values[0])
339340
{
340341
case H5Z_ZFP_MODE_RATE:
341-
Z zfp_stream_set_rate(dummy_zstr, *((double*) &mem_cd_values[2]), zt, ndims, 0);
342+
Z zfp_stream_set_rate(dummy_zstr, *((double*) &mem_cd_values[2]), zt, ndims_used, 0);
342343
break;
343344
case H5Z_ZFP_MODE_PRECISION:
344345
#if ZFP_VERSION_NO < 0x0051
@@ -473,6 +474,7 @@ get_zfp_info_from_cd_values(size_t cd_nelmts, unsigned int const *cd_values,
473474

474475
H5Z_zfp_init();
475476

477+
/* Pass &cd_values[1] here to strip off first entry holding version info */
476478
if (0x0020 <= h5z_zfp_version_no && h5z_zfp_version_no <= 0x0080)
477479
return get_zfp_info_from_cd_values_0x0030(cd_nelmts-1, &cd_values[1], zfp_mode, zfp_meta, swap);
478480

0 commit comments

Comments
 (0)