From 99d0d99597f9497652d84ae8cd4f61b9f40a65fc Mon Sep 17 00:00:00 2001
From: Binh-Minh
Date: Wed, 6 Nov 2024 02:58:08 -0500
Subject: [PATCH 1/4] Fixed allocation-size-too-big error in H5MM.c

A decoded length appeared to be corrupted and had a very large value. This PR added a check to detect such potential data corruption.
---
 src/H5Centry.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/H5Centry.c b/src/H5Centry.c
index 2bbf9acdbb5..7f557a993ab 100644
--- a/src/H5Centry.c
+++ b/src/H5Centry.c
@@ -944,13 +944,18 @@ H5C__verify_len_eoa(H5F_t *f, const H5C_class_t *type, haddr_t addr, size_t *len
 HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "address of object past end of allocation");

 /* Check if the amount of data to read will be past the EOA */
- if (H5_addr_gt((addr + *len), eoa)) {
- if (actual)
- HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "actual len exceeds EOA");
- else
- /* Trim down the length of the metadata */
- *len = (size_t)(eoa - addr);
- } /* end if */
+ if ((ULONG_MAX - *len) >= addr) {
+ if (H5_addr_gt((addr + *len), eoa)) {
+ if (actual)
+ HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "actual len exceeds EOA");
+ else
+ /* Trim down the length of the metadata */
+ *len = (size_t)(eoa - addr);
+ } /* end if */
+ }
+ else {
+ HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "total of addr and len exceeds max possible value (potential corrupted data)");
+ }

 if (*len <= 0)
 HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "len not positive after adjustment for EOA");

From 565b6de631cb4b42fd6b396f8de6127f3c8eb01f Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 6 Nov 2024 08:02:06 +0000
Subject: [PATCH 2/4] Committing clang-format changes

---
 src/H5Centry.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/H5Centry.c b/src/H5Centry.c
index 7f557a993ab..5b1bf1a5808 100644
--- a/src/H5Centry.c
+++ b/src/H5Centry.c
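Review bot: In PATCH 1/4 the guard `(ULONG_MAX - *len) >= addr` ties the overflow test to the width of `unsigned long`, while the operands are a `size_t` (`*len`) and a `haddr_t` (`addr`). Where `unsigned long` is narrower than those types, a `*len` above `ULONG_MAX` makes the subtraction wrap, and the guard no longer reflects whether `addr + *len` overflows. Since `addr > eoa` is rejected just above, comparing by subtraction needs no limit constant: `if (*len > eoa - addr)` covers both the wrap and the past-EOA case, assuming `H5_addr_gt` behaves as a plain comparison for these values. PATCH 3/4 later removes the `ULONG_MAX` test; the function body starts and ends outside the hunk.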
@@ -954,7 +954,8 @@ H5C__verify_len_eoa(H5F_t *f, const H5C_class_t *type, haddr_t addr, size_t *len
 } /* end if */
 }
 else {
- HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "total of addr and len exceeds max possible value (potential corrupted data)");
+ HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL,
+ "total of addr and len exceeds max possible value (potential corrupted data)");
 }

 if (*len <= 0)

From d1ff4dce991dd9ca1cb33d1d5a7ecac4bd921cd6 Mon Sep 17 00:00:00 2001
From: Binh-Minh
Date: Tue, 3 Dec 2024 14:21:24 -0500
Subject: [PATCH 3/4] Replaced previous fix with QAK's fix

---
 src/H5Centry.c | 27 +++++++++++----------------
 1 file changed, 11 insertions(+), 16 deletions(-)

diff --git a/src/H5Centry.c b/src/H5Centry.c
index 5b1bf1a5808..e363b7a359e 100644
--- a/src/H5Centry.c
+++ b/src/H5Centry.c
@@ -943,23 +943,18 @@ H5C__verify_len_eoa(H5F_t *f, const H5C_class_t *type, haddr_t addr, size_t *len
 if (H5_addr_gt(addr, eoa))
 HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "address of object past end of allocation");

- /* Check if the amount of data to read will be past the EOA */
- if ((ULONG_MAX - *len) >= addr) {
- if (H5_addr_gt((addr + *len), eoa)) {
- if (actual)
- HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "actual len exceeds EOA");
- else
- /* Trim down the length of the metadata */
- *len = (size_t)(eoa - addr);
- } /* end if */
- }
- else {
- HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL,
- "total of addr and len exceeds max possible value (potential corrupted data)");
- }
+ /* Check if the amount of data to read will be past the EOA, or wraps around */
+ if (H5_addr_lt((addr + *len), addr) || H5_addr_gt((addr + *len), eoa)) {
+ if (actual)
+ HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "actual len exceeds EOA");
+ else {
+ /* Trim down the length of the metadata */
+ *len = (size_t)(eoa - addr);

- if (*len <= 0)
- HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "len not positive after adjustment for EOA");
+ if (*len <= 0)
+ HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "len not positive after adjustment for EOA");
+ } /* end else */
+ } /* end if */

 done:
 FUNC_LEAVE_NOAPI(ret_value)

From d6f499bd1b8e23efb8c6e89d28fbd561438946c9 Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 19:24:15 +0000
Subject: [PATCH 4/4] Committing clang-format changes

---
 src/H5Centry.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/H5Centry.c b/src/H5Centry.c
index e363b7a359e..466701f61ce 100644
--- a/src/H5Centry.c
+++ b/src/H5Centry.c
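Review bot: In PATCH 3/4 the `*len <= 0` test moves inside the `else` of the wrap/EOA branch, so a zero `*len` whose `addr + *len` stays at or below `eoa` is no longer rejected; before this patch the test ran on every path. If zero-length entries must still fail here, keep an unconditional `if (*len == 0) HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "len not positive after adjustment for EOA");` after the block (`*len` is a `size_t`, so `<= 0` can only mean `== 0`). When the sum wraps and `actual` is false, the length is trimmed to `eoa - addr` instead of being reported as corruption; if that is intended, it deserves a one-line comment such as `/* a wrapped non-actual length is trimmed like any other overshoot */`. The function body starts above the hunk.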
@@ -954,7 +954,7 @@ H5C__verify_len_eoa(H5F_t *f, const H5C_class_t *type, haddr_t addr, size_t *len
 if (*len <= 0)
 HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "len not positive after adjustment for EOA");
 } /* end else */
- } /* end if */
+ } /* end if */

 done:
 FUNC_LEAVE_NOAPI(ret_value)