Package: libhdf5-serial-dev
Version: 1.6.5-3
Severity: grave
Tags: security
Justification: user security hole

valgrind reports writes of unitialized memory in hdf5 library.  This
could be a serious security issue, depending on what that memory 
contains.  This can be reproduced by running almost any application
(that uses the library to write a file) in valigrind. 

The valgrind error message is:

==29786== Memcheck, a memory error detector.
==29786== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==29786== Using LibVEX rev 1804, a library for dynamic binary translation.
==29786== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==29786== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation 
==29786== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==29786== For more details, rerun with: -v
==29786== Syscall param write(buf) points to uninitialised byte(s)
==29786==    at 0x51119F0: __write_nocancel (in /usr/lib/debug/
==29786==    by 0x4E83FCD: (within /usr/lib/
==29786==    by 0x4E757DF: H5FD_flush (in /usr/lib/
==29786==    by 0x4E6E14A: (within /usr/lib/
==29786==    by 0x4E6F7B2: H5F_try_close (in /usr/lib/
==29786==    by 0x4E6F9BB: (within /usr/lib/
==29786==    by 0x4E9B313: H5I_dec_ref (in /usr/lib/
==29786==    by 0x4E6D880: H5Fclose (in /usr/lib/
==29786==    by 0x400AEE: main (hdf5_bug.c:22)
==29786==  Address 0x5add820 is 440 bytes inside a block of size 1,864 alloc'd
==29786==    at 0x4C21FAB: malloc (vg_replace_malloc.c:207)
==29786==    by 0x4E87873: (within /usr/lib/
==29786==    by 0x4E87E05: H5FL_blk_malloc (in /usr/lib/
==29786==    by 0x4E883A3: H5FL_blk_realloc (in /usr/lib/
==29786==    by 0x4E75D9F: H5FD_write (in /usr/lib/
==29786==    by 0x4E6C9A1: H5F_block_write (in /usr/lib/
==29786==    by 0x4EA05EA: (within /usr/lib/
==29786==    by 0x4E505B0: (within /usr/lib/
==29786==    by 0x4E51826: H5C_flush_cache (in /usr/lib/
==29786==    by 0x4E4C16E: H5AC_flush (in /usr/lib/
==29786==    by 0x4E6DF8C: (within /usr/lib/
==29786==    by 0x4E6F7B2: H5F_try_close (in /usr/lib/

As I said above, I think almost any practical use of the library will
cause this.  But just in case the error is due to a gross misunderstanding
of how I should use this library, here's the test code I used to generate
the above output:

#include <hdf5.h>

int main()
  hid_t file, table, space, mem_space;
  hsize_t ones[2] = { 1, 1 };
  int an_int = 5;
  remove( "test.hdf5" );
  file = H5Fcreate( "test.hdf5", H5F_ACC_EXCL, H5P_DEFAULT, H5P_DEFAULT );
  space = H5Screate_simple( 2, ones, NULL );
  table = H5Dcreate( file, "data", H5T_NATIVE_INT, space, H5P_DEFAULT );
  mem_space = H5Screate_simple( 1, ones, NULL );
  H5Dwrite( table, H5T_NATIVE_INT, mem_space, space, H5P_DEFAULT, &an_int );
  H5Sclose( mem_space );
  H5Dclose( table );
  H5Sclose( space );
  H5Fclose( file );
  return 0;

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libhdf5-serial-dev depends on:
ii  libc6-dev              2.7-6             GNU C Library: Development Librari
ii  libhdf5-serial-1.6.5-0 1.6.5-3           Hierarchical Data Format 5 (HDF5) 
ii  libjpeg62-dev          6b-13             Development files for the IJG JPEG
ii  zlib1g-dev             1: compression library - development

libhdf5-serial-dev recommends no packages.

-- no debconf information

Pkg-grass-devel mailing list

Reply via email to