Opened 14 years ago

Closed 14 years ago

#3218 closed defect (fixed)

HDF5 driver crashes with stackoverflow on this HDF5 image

Reported by: gaopeng
Owned by: warmerdam
Priority: normal
Milestone: 1.6.3
Component: GDAL_Raster
Version: 1.6.1
Severity: normal
Keywords: HDF5
Cc:

Description (last modified by warmerdam)

The HDF5 driver crashes with a stack overflow on a test HDF5 image in Windows. The test image is attached. The following is the call stack:

>	gdal16d.dll!_chkstk()  Line 99	Asm
 	gdal16d.dll!CreatePath(HDF5GroupObjects * poH5Object=0x0532a090)  Line 344 + 0xc bytes	C++
 	gdal16d.dll!CreatePath(HDF5GroupObjects * 
...
 	hdf5ddll.dll!H5G_stab_iterate(const H5O_loc_t * oloc=0x05329690, int dxpl_id=167772168, H5_iter_order_t order=H5_ITER_INC, unsigned __int64 skip=0, unsigned __int64 * last_lnk=0x0012dd54, int (const H5O_link_t *, void *)* op=0x11f7c0c0, void * op_data=0x0012dcd4)  Line 521 + 0x25 bytes	C
 	hdf5ddll.dll!H5G_obj_iterate(const H5O_loc_t * grp_oloc=0x05329690, H5_index_t idx_type=H5_INDEX_NAME, H5_iter_order_t order=H5_ITER_INC, unsigned __int64 skip=0, unsigned __int64 * last_lnk=0x0012dd54, int (const H5O_link_t *, void *)* op=0x11f7c0c0, void * op_data=0x0012dcd4, int dxpl_id=167772168)  Line 689 + 0x25 bytes	C
 	hdf5ddll.dll!H5G_iterate(int loc_id=33554434, const char * group_name=0x116d8014, H5_index_t idx_type=H5_INDEX_NAME, H5_iter_order_t order=H5_ITER_INC, unsigned __int64 skip=0, unsigned __int64 * last_lnk=0x0012dd54, const H5G_link_iterate_t * lnk_op=0x0012dd3c, void * op_data=0x053295a0, int lapl_id=0, int dxpl_id=167772168)  Line 1678 + 0x2d bytes	C
 	hdf5ddll.dll!H5Giterate(int loc_id=33554434, const char * name=0x116d8014, int * idx_p=0x00000000, int (int, const char *, void *)* op=0x11217531, void * op_data=0x053295a0)  Line 776 + 0x2e bytes	C
 	gdal16d.dll!HDF5Dataset::ReadGlobalAttributes(int bSUBDATASET=1)  Line 917 + 0x20 bytes	C++
 	gdal16d.dll!HDF5Dataset::Open(GDALOpenInfo * poOpenInfo=0x0012de4c)  Line 253 + 0xa bytes	C++
 	gdal16d.dll!GDALOpen(const char * pszFilename=0x0532b1b8, GDALAccess eAccess=GA_ReadOnly)  Line 2010 + 0xc bytes	C++

Attachments (1)

HDF5_StackOverflow.zip (529.8 KB ) - added by gaopeng 14 years ago.
Test HDF5 image


Change History (3)

by gaopeng, 14 years ago

Attachment: HDF5_StackOverflow.zip added

Test HDF5 image

comment:1 by warmerdam, 14 years ago

Description: modified (diff)
Owner: changed from Warmerdam to warmerdam
Status: new → assigned

No problem reproducing the problem. The "h5ls -r" report on the file shows:

/                        Group
/2D\ int\ array          Dataset {100, 50}
/A\ note                 Dataset {2}
/SL\ to\ 3D\ int\ array  -> /arrays/3D int array
/arrays                  Group
/arrays/2D\ float\ array Dataset {100, 50}
/arrays/2D\ int\ array   Dataset, same as /2D\ int\ array
/arrays/3D\ int\ array   Dataset {100, 50, 10}
/arrays/Vdata\ with\ mixed\ types Dataset {20}
/datatypes               Group
/datatypes/A\ Native\ float\ datatype Type
/datatypes/A\ String\ datatype Type
/datatypes/Air\ pressure Type
/images                  Group
/images/Eskimo           Dataset {649, 600}
/images/Eskimo_palette   Dataset {256, 3}
/images/Iceberg          Dataset {375, 375}
/images/iceberg_palette  Dataset {256, 3}
/links                   Group
/links/hard\ links       Group
/links/hard\ links/Eskimo Dataset {600, 650}
/links/hard\ links/RGB\ values Dataset {300, 250}
/links/hard\ links/loop\ back\ to\ links Group, same as /links
/links/soft\ links       Group
/links/soft\ links/2D\ float\ array -> /arrays/2D float array
/links/soft\ links/link\ to\ nowhere -> /void

I presume the problem is the tree walker is not handling looping links well.

comment:2 by warmerdam, 14 years ago

Resolution: fixed
Status: assigned → closed

Corrected based on the loop detection technique from h5ls (1.6.x).

Fixed in trunk (r18004), 1.6 (r18005) and 1.6-esri (r18006).
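
A minimal sketch of loop detection in a group walker, using a visited set keyed by object identity so that a hard link back to an ancestor group is reported instead of followed. This is an added example, not the GDAL fix or h5ls source; the object table is constructed from the /links entries in the h5ls listing above, and using the array index as the object identity is an assumption of the sketch.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of the ticket's /links subtree. The array index stands in
   for the HDF5 object identity (assumption); a hard link is (name, target). */
enum { N_OBJ = 4, MAX_LINKS = 2, PATH_LEN = 128 };
struct hlink  { const char *name; int target; };
struct object { int is_group, nlinks; struct hlink links[MAX_LINKS]; };

static const struct object objs[N_OBJ] = {
    [0] = {1, 1, {{"links", 1}}},                              /* "/"      */
    [1] = {1, 1, {{"hard links", 2}}},                         /* "/links" */
    [2] = {1, 2, {{"Eskimo", 3}, {"loop back to links", 1}}},  /* cycle    */
    [3] = {0, 0, {{NULL, 0}}},                                 /* dataset  */
};

struct walk {
    int  seen[N_OBJ];                  /* visited set keyed by identity */
    char first_path[N_OBJ][PATH_LEN];  /* path each object was first seen at */
    int  visited, aliases;
};

static void visit(struct walk *w, int id, const char *path)
{
    if (w->seen[id]) {   /* reached again through another link */
        printf("%-40s same as %s\n", path, w->first_path[id]);
        w->aliases++;
        return;          /* never descend twice: this is what breaks the cycle */
    }
    w->seen[id] = 1;
    w->visited++;
    snprintf(w->first_path[id], PATH_LEN, "%s", path);
    printf("%-40s %s\n", path, objs[id].is_group ? "Group" : "Dataset");
    for (int i = 0; i < objs[id].nlinks; i++) {
        const struct hlink *l = &objs[id].links[i];
        char child[PATH_LEN];
        snprintf(child, sizeof child, "%s/%s", id == 0 ? "" : path, l->name);
        visit(w, l->target, child);
    }
}

static void walk_model(struct walk *w)  /* recursion depth is at most N_OBJ */
{
    memset(w, 0, sizeof *w);
    visit(w, 0, "/");
}

int main(void)
{
    struct walk w;
    walk_model(&w);
    printf("%d objects, %d alias link(s)\n", w.visited, w.aliases);
}
```

Without the `seen` check, the link from "hard links" back to "/links" would make `visit` recurse until the stack is exhausted, which matches the repeated CreatePath frames in the call stack.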
