Package: libhdf5-serial-dev
Version: 1.6.5-3
Severity: grave
Tags: security
Justification: user security hole

valgrind reports writes of uninitialized memory in the hdf5 library. This could be a serious security issue, depending on what that memory contains. This can be reproduced by running almost any application (that uses the library to write a file) in valgrind. The valgrind error message is:

==29786== Memcheck, a memory error detector.
==29786== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==29786== Using LibVEX rev 1804, a library for dynamic binary translation.
==29786== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==29786== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation framework.
==29786== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==29786== For more details, rerun with: -v
==29786==
==29786== Syscall param write(buf) points to uninitialised byte(s)
==29786==    at 0x51119F0: __write_nocancel (in /usr/lib/debug/libc-2.7.so)
==29786==    by 0x4E83FCD: (within /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E757DF: H5FD_flush (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E6E14A: (within /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E6F7B2: H5F_try_close (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E6F9BB: (within /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E9B313: H5I_dec_ref (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E6D880: H5Fclose (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x400AEE: main (hdf5_bug.c:22)
==29786==  Address 0x5add820 is 440 bytes inside a block of size 1,864 alloc'd
==29786==    at 0x4C21FAB: malloc (vg_replace_malloc.c:207)
==29786==    by 0x4E87873: (within /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E87E05: H5FL_blk_malloc (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E883A3: H5FL_blk_realloc (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E75D9F: H5FD_write (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E6C9A1: H5F_block_write (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4EA05EA: (within /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E505B0: (within /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E51826: H5C_flush_cache (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E4C16E: H5AC_flush (in /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E6DF8C: (within /usr/lib/libhdf5-1.6.5.so.0.0.0)
==29786==    by 0x4E6F7B2: H5F_try_close (in /usr/lib/libhdf5-1.6.5.so.0.0.0)

As I said above, I think almost any practical use of the library will cause this. But just in case the error is due to a gross misunderstanding of how I should use this library, here's the test code I used to generate the above output:

#include <stdio.h>   /* remove() */
#include <hdf5.h>

int main()
{
    hid_t file, table, space, mem_space;
    hsize_t ones[2] = { 1, 1 };
    int an_int = 5;

    H5open();
    remove( "test.hdf5" );   /* H5F_ACC_EXCL fails if the file already exists */

    /* Create a file holding one 1x1 integer dataset named "data". */
    file = H5Fcreate( "test.hdf5", H5F_ACC_EXCL, H5P_DEFAULT, H5P_DEFAULT );
    space = H5Screate_simple( 2, ones, NULL );
    table = H5Dcreate( file, "data", H5T_NATIVE_INT, space, H5P_DEFAULT );

    /* Write a single int from a one-element memory dataspace. */
    mem_space = H5Screate_simple( 1, ones, NULL );
    H5Dwrite( table, H5T_NATIVE_INT, mem_space, space, H5P_DEFAULT, &an_int );

    /* Closing the file flushes the metadata cache to disk. */
    H5Sclose( mem_space );
    H5Dclose( table );
    H5Sclose( space );
    H5Fclose( file );
    H5close();
    return 0;
}

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libhdf5-serial-dev depends on:
ii  libc6-dev               2.7-6              GNU C Library: Development Librari
ii  libhdf5-serial-1.6.5-0  1.6.5-3            Hierarchical Data Format 5 (HDF5)
ii  libjpeg62-dev           6b-13              Development files for the IJG JPEG
ii  zlib1g-dev              1:1.2.3.3.dfsg-11  compression library - development

libhdf5-serial-dev recommends no packages.

-- no debconf information

_______________________________________________
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
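
An added example, not part of the report above and not HDF5 code: it shows why the report's "depending on what that memory contains" matters when a fixed-size block comes from a free list and is written out whole. The one-slot free list, the function names and the secret string are constructed for illustration, and it assumes a recycled block as the source of the stale bytes, which the trace does not establish.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLK 64  /* fixed block size written on every flush */
/* One-slot free list (hypothetical stand-in for a block free list):
 * a released block is handed out again without being cleared. */
static unsigned char *free_blk;
static unsigned char *blk_get(int zero) {
    unsigned char *p = free_blk ? free_blk : calloc(1, BLK);
    free_blk = NULL;
    if (p && zero) memset(p, 0, BLK);   /* the fix: clear recycled blocks */
    return p;
}
static void blk_put(unsigned char *p) { free_blk = p; }
/* Copy `used` bytes into a block, then write the whole block to `path`. */
static int flush_block(const char *path, const void *data, size_t used, int zero) {
    if (used > BLK) return -1;
    unsigned char *b = blk_get(zero);
    FILE *f = b ? fopen(path, "wb") : NULL;
    if (!f) { if (b) blk_put(b); return -1; }
    memcpy(b, data, used);
    size_t n = fwrite(b, 1, BLK, f);
    fclose(f);
    blk_put(b);
    return n == BLK ? 0 : -1;
}
/* A block that held a constructed secret is recycled for a 4-byte record.
 * Returns 1 if the secret's tail reached the file, 0 if not, -1 on error. */
int leak_demo(int zero) {
    const char *secret = "CONSTRUCTED-SECRET", *path = "leak_demo.bin";
    unsigned char buf[BLK], *b = blk_get(0);
    int an_int = 5, found = 0;
    if (!b) return -1;
    memcpy(b, secret, strlen(secret));
    blk_put(b);
    if (flush_block(path, &an_int, sizeof an_int, zero)) return -1;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, BLK, f);
    fclose(f);
    remove(path);
    for (size_t i = 0; i + 6 <= n; i++)
        if (memcmp(buf + i, "SECRET", 6) == 0) found = 1;
    return found;
}
int main(void) {
    int raw = leak_demo(0), cleared = leak_demo(1);
    printf("recycled as-is: %d, cleared first: %d\n", raw, cleared);
    return 0;
}
```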