Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

overflow of h5debug of H5MM.c in function H5MM_memcpy #574

Closed
NigelX opened this issue Apr 25, 2021 · 3 comments
Closed

overflow of h5debug of H5MM.c in function H5MM_memcpy #574

NigelX opened this issue Apr 25, 2021 · 3 comments

Comments

@NigelX
Copy link

NigelX commented Apr 25, 2021

Hi
I found an crash error.

System info:
Ubuntu 20.04 : clang 10.0.0 , gcc 9.3.0

hdf5 version 1.13.0 ,git branch development

Verification steps:
1.Get the source code of hdf5
2.Compile the hdf5

$ cd hdf5
$ mkdir build && cd build
$ cmake ../ -DCMAKE_C_COMPILER=clang  -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address"
$ make -j 32

3.run h5debug

$ cd bin
$ ./h5debug overflow

poc.zip

asan info

AddressSanitizer:DEADLYSIGNAL
=================================================================
==636498==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1bc1497ec8 bp 0x7ffd6cec2860 sp 0x7ffd6cec2018 T0)
==636498==The signal is caused by a READ memory access.
==636498==Hint: address points to the zero page.
    #0 0x7f1bc1497ec8  /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:436
    #1 0x4941f7 in __asan_memcpy (/home/hh/Downloads/hdf5/build/bin/h5debug+0x4941f7)
    #2 0x8d7172 in H5MM_memcpy /home/hh/Downloads/hdf5/src/H5MM.c:617:11
    #3 0x1085ec5 in H5F__accum_read /home/hh/Downloads/hdf5/src/H5Faccum.c:192:17
    #4 0xa73508 in H5PB_read /home/hh/Downloads/hdf5/src/H5PB.c:720:13
    #5 0x701ac7 in H5F_block_read /home/hh/Downloads/hdf5/src/H5Fio.c:147:9
    #6 0x56aeb5 in H5C__load_entry /home/hh/Downloads/hdf5/src/H5C.c:7193:21
    #7 0x56aeb5 in H5C_protect /home/hh/Downloads/hdf5/src/H5C.c:2363:30
    #8 0x4f5337 in H5AC_protect /home/hh/Downloads/hdf5/src/H5AC.c:1425:26
    #9 0x943d2e in H5O_protect /home/hh/Downloads/hdf5/src/H5Oint.c:1089:59
    #10 0x96dcc1 in H5O_msg_exists /home/hh/Downloads/hdf5/src/H5Omessage.c:844:23
    #11 0x7c56d9 in H5G_mkroot /home/hh/Downloads/hdf5/src/H5Groot.c:227:32
    #12 0x6e67e5 in H5F_open /home/hh/Downloads/hdf5/src/H5Fint.c:1997:13
    #13 0xeebcad in H5VL__native_file_open /home/hh/Downloads/hdf5/src/H5VLnative_file.c:96:29
    #14 0xe96576 in H5VL__file_open /home/hh/Downloads/hdf5/src/H5VLcallback.c:3355:30
    #15 0xe96576 in H5VL_file_open /home/hh/Downloads/hdf5/src/H5VLcallback.c:3481:30
    #16 0x6bf5b5 in H5F__open_api_common /home/hh/Downloads/hdf5/src/H5F.c:735:29
    #17 0x6be92e in H5Fopen /home/hh/Downloads/hdf5/src/H5F.c:776:22
    #18 0x4c4772 in main /home/hh/Downloads/hdf5/tools/src/misc/h5debug.c:286:16
    #19 0x7f1bc14000b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #20 0x41c57d in _start (/home/hh/Downloads/hdf5/build/bin/h5debug+0x41c57d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:436 
==636498==ABORTING

Fedora 33

Segmentation fault (core dumped)

Thanks
@byrnHDF
Copy link
Contributor

byrnHDF commented Nov 18, 2022
edited
Loading

h5dump output will not open file:
HDF5-DIAG: Error detected in HDF5 (1.13.4-1) thread 0:
#000: /HDF_Projects/hdf5/dev/src/H5L.c line 1988 in H5Lvisit_by_name2(): link visitation failed
major: Links
minor: Iteration failed
#1: /HDF_Projects/hdf5/dev/src/H5VLcallback.c line 5517 in H5VL_link_specific(): unable to execute link specific callback
major: Virtual Object Layer
minor: Can't operate on object
#2:/HDF_Projects/hdf5/dev/src/H5VLcallback.c line 5483 in H5VL__link_specific(): unable to execute link specific callback
major: Virtual Object Layer
minor: Can't operate on object
#3: /HDF_Projects/hdf5/dev/src/H5VLnative_link.c line 377 in H5VL__native_link_specific(): link visitation failed
major: Links
minor: Iteration failed
#4: /HDF_Projects/hdf5/dev/src/H5Gint.c line 1222 in H5G_visit(): can't check for link info message
major: Symbol table
minor: Can't get value
#5: /HDF_Projects/hdf5/dev/src/H5Gobj.c line 316 in H5G__obj_get_linfo(): unable to open v2 B-tree for name index
major: Symbol table
minor: Can't open object
#6: /HDF_Projects/hdf5/dev/src/H5B2.c line 208 in H5B2_open(): unable to protect v2 B-tree header
major: B-Tree node
minor: Unable to protect metadata
#7: /HDF_Projects/hdf5/dev/src/H5B2hdr.c line 529 in H5B2__hdr_protect(): unable to load v2 B-tree header, address = 18446744073709551615
major: B-Tree node
minor: Unable to protect metadata
#8: /HDF_Projects/hdf5/dev/src/H5AC.c line 1395 in H5AC_protect(): H5C_protect() failed
major: Object cache
minor: Unable to protect metadata
#9: /HDF_Projects/hdf5/dev/src/H5C.c line 2335 in H5C_protect(): can't load entry
major: Object cache
minor: Unable to load metadata into cache
#10: /HDF_Projects/hdf5/dev/src/H5C.c line 7179 in H5C__load_entry(): Can't read image*
major: Object cache
minor: Read failed
#11: /HDF_Projects/hdf5/dev/src/H5Fio.c line 147 in H5F_block_read(): read through page buffer failed
major: Low-level I/O
minor: Read failed
#12: /HDF_Projects/hdf5/dev/src/H5PB.c line 717 in H5PB_read(): read through metadata accumulator failed
major: Page Buffering
minor: Read failed
#13: /HDF_Projects/hdf5/dev/src/H5Faccum.c line 202 in H5F__accum_read(): driver read request failed
major: Low-level I/O
minor: Read failed
#14: /HDF_Projects/hdf5/dev/src/H5FDint.c line 255 in H5FD_read(): driver read request failed
major: Virtual File Layer
minor: Read failed
#15: /HDF_Projects/hdf5/dev/src/H5FDsec2.c line 699 in H5FD__sec2_read(): addr undefined, addr = 18446744073709551615
major: Invalid arguments to routine
minor: Bad value
h5dump error: internal error (file/HDF_Projects/hdf5/dev/tools/src/h5dump/h5dump.c:line 1525)
H5tools-DIAG: Error detected in HDF5:tools (1.13.4) thread 0:
#000: /HDF_Projects/hdf5/dev/tools/lib/h5tools_utils.c line 629 in init_objs(): finding shared objects failed
major: Failure in tools library
minor: error in function
#1: /HDF_Projects/hdf5/dev/tools/lib/h5trav.c line 1052 in h5trav_visit(): traverse failed
major: Failure in tools library
minor: error in function
#2: //HDF_Projects/hdf5/dev/tools/lib/h5trav.c line 284 in traverse(): H5Lvisit_by_name failed
major: Failure in tools library
minor: error in function

@byrnHDF
Copy link
Contributor

byrnHDF commented Nov 21, 2022

Current develop will refuse to open file with "cannot open file" from call to:
if ((fid = H5Fopen(argv[1], H5F_ACC_RDONLY, fapl)) < 0) {

@byrnHDF byrnHDF closed this as completed Nov 21, 2022
@byrnHDF
Copy link
Contributor

byrnHDF commented Nov 21, 2022

Current develop will refuse to open file with "cannot open file" from call to:
if ((fid = H5Fopen(argv[1], H5F_ACC_RDONLY, fapl)) < 0) {

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NigelX @byrnHDF