crash of h5dump of H5Faccum.c in function H5F__accum_read

[NigelX]

Hi
I found an crash error.

System info：
Ubuntu 20.04 : clang 10.0.0 , gcc 9.3.0

hdf5 version 1.13.0 ,git branch development

---

Verification steps：
1.Get the source code of hdf5
2.Compile the hdf5

$ cd hdf5
$ mkdir build && cd build
$ cmake ../ -DCMAKE_C_COMPILER=clang  -DCMAKE_CXX_COMPILER=clang++ -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address"
$ make -j 32

3.run h5dump

$ cd bin
$ mkdir crashtest_dir
$ ./h5dump -r -d crashtest_dir/data poc

poc.zip

asan info

AddressSanitizer:DEADLYSIGNAL
=================================================================
==1901377==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f599a8c9ec8 bp 0x7fff93546500 sp 0x7fff93545cb8 T0)
==1901377==The signal is caused by a READ memory access.
==1901377==Hint: address points to the zero page.
    #0 0x7f599a8c9ec8  /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:436
    #1 0x494287 in __asan_memcpy (/home/hh/Downloads/hdf5/build/bin/h5dump+0x494287)
    #2 0x9af4c2 in H5MM_memcpy /home/hh/Downloads/hdf5/src/H5MM.c:617:11
    #3 0x11d4fb5 in H5F__accum_read /home/hh/Downloads/hdf5/src/H5Faccum.c:192:17
    #4 0xb7b938 in H5PB_read /home/hh/Downloads/hdf5/src/H5PB.c:720:13
    #5 0x7a0d87 in H5F_block_read /home/hh/Downloads/hdf5/src/H5Fio.c:147:9
    #6 0x61b385 in H5C__load_entry /home/hh/Downloads/hdf5/src/H5C.c:7193:21
    #7 0x61b385 in H5C_protect /home/hh/Downloads/hdf5/src/H5C.c:2363:30
    #8 0x5a8057 in H5AC_protect /home/hh/Downloads/hdf5/src/H5AC.c:1425:26
    #9 0x93b5ca in H5HL_protect /home/hh/Downloads/hdf5/src/H5HL.c:330:40
    #10 0x8a4beb in H5G__stab_iterate /home/hh/Downloads/hdf5/src/H5Gstab.c:521:25
    #11 0x897fdb in H5G__obj_iterate /home/hh/Downloads/hdf5/src/H5Gobj.c:672:26
    #12 0x8728ae in H5G__visit_cb /home/hh/Downloads/hdf5/src/H5Gint.c:1154:29
    #13 0x88de92 in H5G__node_iterate /home/hh/Downloads/hdf5/src/H5Gnode.c:967:25
    #14 0x114822b in H5B__iterate_helper /home/hh/Downloads/hdf5/src/H5B.c:1155:25
    #15 0x1147c0d in H5B_iterate /home/hh/Downloads/hdf5/src/H5B.c:1197:22
    #16 0x8a4ff1 in H5G__stab_iterate /home/hh/Downloads/hdf5/src/H5Gstab.c:537:26
    #17 0x897fdb in H5G__obj_iterate /home/hh/Downloads/hdf5/src/H5Gobj.c:672:26
    #18 0x8728ae in H5G__visit_cb /home/hh/Downloads/hdf5/src/H5Gint.c:1154:29
    #19 0x88de92 in H5G__node_iterate /home/hh/Downloads/hdf5/src/H5Gnode.c:967:25
    #20 0x114822b in H5B__iterate_helper /home/hh/Downloads/hdf5/src/H5B.c:1155:25
    #21 0x1147c0d in H5B_iterate /home/hh/Downloads/hdf5/src/H5B.c:1197:22
    #22 0x8a4ff1 in H5G__stab_iterate /home/hh/Downloads/hdf5/src/H5Gstab.c:537:26
    #23 0x897fdb in H5G__obj_iterate /home/hh/Downloads/hdf5/src/H5Gobj.c:672:26
    #24 0x87106f in H5G_visit /home/hh/Downloads/hdf5/src/H5Gint.c:1297:14
    #25 0x103fa3f in H5VL__native_link_specific /home/hh/Downloads/hdf5/src/H5VLnative_link.c:362:38
    #26 0xfe90e3 in H5VL__link_specific /home/hh/Downloads/hdf5/src/H5VLcallback.c:5140:22
    #27 0xfe90e3 in H5VL_link_specific /home/hh/Downloads/hdf5/src/H5VLcallback.c:5176:22
    #28 0x976df8 in H5Lvisit_by_name2 /home/hh/Downloads/hdf5/src/H5L.c:2024:22
    #29 0x558472 in traverse /home/hh/Downloads/hdf5/tools/lib/h5trav.c:288:17
    #30 0x55c606 in h5trav_visit /home/hh/Downloads/hdf5/tools/lib/h5trav.c:1057:9
    #31 0x553c25 in init_objs /home/hh/Downloads/hdf5/tools/lib/h5tools_utils.c:793:22
    #32 0x4c460c in table_list_add /home/hh/Downloads/hdf5/tools/src/h5dump/h5dump.c:476:9
    #33 0x4c75c2 in main /home/hh/Downloads/hdf5/tools/src/h5dump/h5dump.c:1549:13
    #34 0x7f599a8320b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #35 0x41c60d in _start (/home/hh/Downloads/hdf5/build/bin/h5dump+0x41c60d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-eX1tMB/glibc-2.31/string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:436 
==1901377==ABORTING

Fedora 33

Segmentation fault (core dumped)

Thanks

[byrnHDF]

This file also seems to be handled as it has the same stack trace as #586.
HDFView error stack:
[java] #12: /HDF_Projects/hdf5/dev/src/H5Fio.c line 141 in H5F_block_read(): attempting I/O in temporary file space
[java] major: Low-level I/O
[java] minor: Out of range

However, this did open and crash h5dump 1.13.3 release

[byrnHDF]

Using current develop: there was no crash and it produced this error stack:
HDF5-DIAG: Error detected in HDF5 (1.13.4-1) thread 0:
#000:/HDF_Projects/hdf5/dev/src/H5L.c line 1988 in H5Lvisit_by_name2(): link visitation failed
major: Links
minor: Iteration failed
#1: /HDF_Projects/hdf5/dev/src/H5VLcallback.c line 5517 in H5VL_link_specific(): unable to execute link specific callback
major: Virtual Object Layer
minor: Can't operate on object
#2: /HDF_Projects/hdf5/dev/src/H5VLcallback.c line 5483 in H5VL__link_specific(): unable to execute link specific callback
major: Virtual Object Layer
minor: Can't operate on object
#3: /HDF_Projects/hdf5/dev/src/H5VLnative_link.c line 377 in H5VL__native_link_specific(): link visitation failed
major: Links
minor: Iteration failed
#4: /HDF_Projects/hdf5/dev/src/H5Gint.c line 1244 in H5G_visit(): can't visit links
major: Symbol table
minor: Iteration failed
#5: /HDF_Projects/hdf5/dev/src/H5Gobj.c line 672 in H5G__obj_iterate(): can't iterate over symbol table
major: Symbol table
minor: Iteration failed
#6: /HDF_Projects/hdf5/dev/src/H5Gstab.c line 536 in H5G__stab_iterate(): iteration operator failed
major: Symbol table
minor: Can't move to next iterator location
#7: /HDF_Projects/hdf5/dev/src/H5B.c line 1194 in H5B_iterate(): B-tree iteration failed
major: B-Tree node
minor: Iteration failed
#8: /HDF_Projects/hdf5/dev/src/H5B.c line 1153 in H5B__iterate_helper(): B-tree iteration failed
major: B-Tree node
minor: Iteration failed
#9: /HDF_Projects/hdf5/dev/src/H5Gnode.c line 979 in H5G__node_iterate(): iteration operator failed
major: Symbol table
minor: Can't move to next iterator location
#10: /HDF_Projects/hdf5/dev/src/H5Gobj.c line 672 in H5G__obj_iterate(): can't iterate over symbol table
major: Symbol table
minor: Iteration failed
#11: /HDF_Projects/hdf5/dev/src/H5Gstab.c line 536 in H5G__stab_iterate(): iteration operator failed
major: Symbol table
minor: Can't move to next iterator location
#12: /HDF_Projects/hdf5/dev/src/H5B.c line 1194 in H5B_iterate(): B-tree iteration failed
major: B-Tree node
minor: Iteration failed
#13: /HDF_Projects/hdf5/dev/src/H5B.c line 1153 in H5B__iterate_helper(): B-tree iteration failed
major: B-Tree node
minor: Iteration failed
#14: /HDF_Projects/hdf5/dev/src/H5Gnode.c line 979 in H5G__node_iterate(): iteration operator failed
major: Symbol table
minor: Can't move to next iterator location
#15: /HDF_Projects/hdf5/dev/src/H5Gobj.c line 672 in H5G__obj_iterate(): can't iterate over symbol table
major: Symbol table
minor: Iteration failed
#16: /HDF_Projects/hdf5/dev/src/H5Gstab.c line 520 in H5G__stab_iterate(): unable to protect symbol table heap
major: Symbol table
minor: Protected metadata error
#17: /HDF_Projects/hdf5/dev/src/H5HL.c line 331 in H5HL_protect(): unable to load heap prefix
major: Heap
minor: Unable to protect metadata
#18: /HDF_Projects/hdf5/dev/src/H5AC.c line 1395 in H5AC_protect(): H5C_protect() failed
major: Object cache
minor: Unable to protect metadata
#19: /HDF_Projects/hdf5/dev/src/H5C.c line 2335 in H5C_protect(): can't load entry
major: Object cache
minor: Unable to load metadata into cache
#20: /HDF_Projects/hdf5/dev/src/H5C.c line 7179 in H5C__load_entry(): Can't read image*
major: Object cache
minor: Read failed
#21: /HDF_Projects/hdf5/dev/src/H5Fio.c line 147 in H5F_block_read(): read through page buffer failed
major: Low-level I/O
minor: Read failed
#22: /HDF_Projects/hdf5/dev/src/H5PB.c line 717 in H5PB_read(): read through metadata accumulator failed
major: Page Buffering
minor: Read failed
#23: /HDF_Projects/hdf5/dev/src/H5Faccum.c line 202 in H5F__accum_read(): driver read request failed
major: Low-level I/O
minor: Read failed
#24: /HDF_Projects/hdf5/dev/src/H5FDint.c line 255 in H5FD_read(): driver read request failed
major: Virtual File Layer
minor: Read failed
#25: /HDF_Projects/hdf5/dev/src/H5FDsec2.c line 699 in H5FD__sec2_read(): addr undefined, addr = 18446744073709551615
major: Invalid arguments to routine
minor: Bad value
h5dump error: internal error (file/HDF_Projects/hdf5/dev/tools/src/h5dump/h5dump.c:line 1525)
H5tools-DIAG: Error detected in HDF5:tools (1.13.4) thread 0:
#000: /HDF_Projects/hdf5/dev/tools/lib/h5tools_utils.c line 629 in init_objs(): finding shared objects failed
major: Failure in tools library
minor: error in function
#1: /HDF_Projects/hdf5/dev/tools/lib/h5trav.c line 1052 in h5trav_visit(): traverse failed
major: Failure in tools library
minor: error in function
#2: /HDF_Projects/hdf5/dev/tools/lib/h5trav.c line 284 in traverse(): H5Lvisit_by_name failed
major: Failure in tools library
minor: error in function

[byrnHDF]

No crash as error is handled in current develop

[derobins]

This is fixed in develop. A normal error is emitted and there is no memory leak.