Fix vuln OSV-2024-370

oss-patch · oss-patch · commit 256d1045a729 · 2024-11-27T17:52:03.000Z
diff --git a/src/H5Ochunk.c b/src/H5Ochunk.c
@@ -158,6 +158,10 @@ H5O__chunk_protect(H5F_t *f, H5O_t *oh, unsigned idx)
     HDassert(oh);
     HDassert(idx < oh->nchunks);
 
+    /* Ensure idx is within bounds */
+    if (idx >= oh->nchunks)
+        HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "chunk index out of bounds")
+
     /* Check for protecting first chunk */
     if (0 == idx) {
         /* Create new "fake" chunk proxy for first chunk */
diff --git a/src/H5Ocont.c b/src/H5Ocont.c
@@ -222,6 +222,9 @@ H5O__cont_delete(H5F_t *f, H5O_t *open_oh, void *_mesg)
     HDassert(f);
     HDassert(mesg);
 
+    if (mesg->chunkno >= open_oh->nchunks)
+        HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, FAIL, "chunk number out of bounds")
+
     /* Notify the cache that the chunk has been deleted */
     /* (releases the space for the chunk) */
     if (H5O__chunk_delete(f, open_oh, mesg->chunkno) < 0)
