StackOverflow when calling H5Gget_info #6403

@gabe-sherman

Description

A StackOverflow occurs in H5Gget_info when it is provided with a specially crafted file opened with H5Fopen. The main source of this seems to be occurring in H5B__iterate_helper.

Minimal Reproducer

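#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include "hdf5.h"
int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <file.h5>\n", argv[0]);
        return 1;
    }
    hid_t fapl_id = H5P_DEFAULT;
    /* Open the crafted input file */
    hid_t file_id = H5Fopen(argv[1], H5F_ACC_RDWR, fapl_id);
    if (file_id < 0)
        return 1;
    H5G_info_t n;
    /* Query group info on the file's root group; this is the call that overflows the stack */
    H5Gget_info(file_id, &n);
    H5Fclose(file_id);
    return 0;
}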

Input File

https://github.com/FuturesLab/Library_Bugs/blob/main/hdf5/1

Commit

7acc58f

ASAN Trace

AddressSanitizer:DEADLYSIGNAL
=================================================================
==998258==ERROR: AddressSanitizer: stack-overflow on address 0x7fff20910ff8 (pc 0x55f4a65e3791 bp 0x7fff20911030 sp 0x7fff20911000 T0)
    #0 0x55f4a65e3791 in __asan::PoisonShadow(unsigned long, unsigned long, unsigned char) (/bugs/hdf5/harness/1/harness+0x20f791) (BuildId: 600e11337597dd9ae62b01b1f97c7a1319513769)
    #1 0x55f4a654cef0 in __asan_stack_malloc_2 (/bugs/hdf5/harness/1/harness+0x178ef0) (BuildId: 600e11337597dd9ae62b01b1f97c7a1319513769)
    #2 0x55f4a6d45126 in H5C_protect /local_src/hdf5/build_artifacts/code/src/H5Centry.c:2996
    #3 0x55f4a6cefddf in H5AC_protect /local_src/hdf5/build_artifacts/code/src/H5AC.c:1302:26
    #4 0x55f4a6cfb89f in H5B__iterate_helper /local_src/hdf5/build_artifacts/code/src/H5B.c:1140:32
    #5 0x55f4a6cfb9b7 in H5B__iterate_helper /local_src/hdf5/build_artifacts/code/src/H5B.c:1146:25
    
... repeated calls to  H5B__iterate_helper /local_src/hdf5/build_artifacts/code/src/H5B.c:1146:25

#26048 0x0000555555e7c888 in H5B__iterate_helper (f=<optimized out>, type=<optimized out>, addr=<optimized out>, exp_level=<optimized out>, op=<optimized out>, udata=<optimized out>) at /local_src/hdf5/build_artifacts/code/src/H5B.c:1146
#26049 0x0000555555e7c530 in H5B_iterate (f=0x7c6ff6fe0170, type=0x5555564074c0 <H5AC_BT>, addr=144, op=0x80, udata=0x95, udata@entry=0x7bfff5f058a8) at /local_src/hdf5/build_artifacts/code/src/H5B.c:1187
#26050 0x00005555558777de in H5G__stab_count (oloc=0x7c5ff6fe5668, num_objs=<optimized out>) at /local_src/hdf5/build_artifacts/code/src/H5Gstab.c:576
#26051 0x000055555586fb82 in H5G__obj_info (oloc=<optimized out>, grp_info=<optimized out>) at /local_src/hdf5/build_artifacts/code/src/H5Gobj.c:730
#26052 0x0000555555e1cc18 in H5VL__native_group_get (obj=<optimized out>, args=<optimized out>, dxpl_id=<optimized out>, req=<optimized out>) at /local_src/hdf5/build_artifacts/code/src/H5VLnative_group.c:199
#26053 0x0000555555debefa in H5VL__group_get (obj=<optimized out>, cls=<optimized out>, args=<optimized out>, dxpl_id=<optimized out>, req=<optimized out>) at /local_src/hdf5/build_artifacts/code/src/H5VLcallback.c:4642
#26054 0x0000555555deba85 in H5VL_group_get (vol_obj=0x7c2ff6fe11e0, args=args@entry=0x7bfff5f05840, dxpl_id=792633534417207304, req=req@entry=0x0) at /local_src/hdf5/build_artifacts/code/src/H5VLcallback.c:4676
#26055 0x000055555584e951 in H5Gget_num_objs (loc_id=<optimized out>, num_objs=<optimized out>) at /local_src/hdf5/build_artifacts/code/src/H5Gdeprec.c:909
#26056 0x00005555557a3c1e in main (argc=2, argv=0x7fffffffdd38) at ./harness/1/harness.c:10
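
The following is an added example, not HDF5 code and not part of the original report: a recursive B-tree walk over an untrusted image that only descends while the stored node level strictly decreases, so its stack depth stays bounded. It assumes the repeated H5B__iterate_helper frames above come from child addresses in the crafted file that never lead toward a leaf; the node layout, MAX_LEVEL, walk and count_entries are hypothetical names for a constructed toy format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LEVEL 8   /* assumed sanity cap on tree height for this toy format */
#define MAX_KIDS  2

/* Toy B-tree node as decoded from an untrusted file (constructed, not HDF5's layout). */
typedef struct {
    uint8_t  level;           /* 0 = leaf, >0 = internal */
    uint8_t  nkids;           /* child count (internal) or entry count (leaf) */
    uint32_t kid[MAX_KIDS];   /* child addresses = indices into the image */
} node_t;

/* Descend only while the stored level strictly decreases, so a cycle or a
 * forged chain fails after at most MAX_LEVEL + 1 frames. */
static int walk(const node_t *img, size_t n, uint32_t addr, int exp_level, unsigned *count)
{
    if (addr >= n) return -1;                    /* address outside the file */
    const node_t *nd = &img[addr];
    if (nd->nkids > MAX_KIDS) return -1;
    if (exp_level < 0) {                         /* root: level not known yet */
        if (nd->level > MAX_LEVEL) return -1;
    } else if (nd->level != exp_level) {
        return -1;                               /* child is not one level below its parent */
    }
    if (nd->level == 0) { *count += nd->nkids; return 0; }
    for (uint8_t i = 0; i < nd->nkids; i++)
        if (walk(img, n, nd->kid[i], nd->level - 1, count) < 0) return -1;
    return 0;
}

int count_entries(const node_t *img, size_t n, uint32_t root, unsigned *count)
{
    *count = 0;
    return walk(img, n, root, -1, count);
}

/* Constructed images: a valid two-level tree, and two nodes pointing at each other. */
static const node_t good[]   = { {1, 2, {1, 2}}, {0, 2, {0, 0}}, {0, 1, {0, 0}} };
static const node_t cyclic[] = { {1, 1, {1, 0}}, {1, 1, {0, 0}} };

int main(void)
{
    unsigned c;
    int rc = count_entries(good, 3, 0, &c);
    printf("good:   rc=%d entries=%u\n", rc, c);
    rc = count_entries(cyclic, 2, 0, &c);
    printf("cyclic: rc=%d\n", rc);
    return 0;
}
```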
