From c44feb80c2b1d6fbf4c2e6085b7ccb8b9f9bd062 Mon Sep 17 00:00:00 2001
From: Sean McBride <sean@rogue-research.com>
Date: Mon, 29 Jun 2020 11:35:11 -0400
Subject: [PATCH] Fixed stack buffer overflow due to providing a too-small
 variable to H5Rdereference2()

Found by ASan:

==52756==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffeefbfedc8 at pc 0x000100be250f bp 0x7ffeefbfe890 sp 0x7ffeefbfe888
READ of size 1 at 0x7ffeefbfedc8 thread T0
    #0 0x100be250e in H5R__dereference H5Rint.c:416
    #1 0x100bddbd1 in H5Rdereference2 H5R.c:185
    #2 0x1001c168c in test_reference_region trefer.c:798
    #3 0x1001ba134 in test_reference trefer.c:1863
    #4 0x100660c42 in PerformTests testframe.c:323
    #5 0x100001fdc in main testhdf5.c:77
    #6 0x7fff5eec6014 in start (libdyld.dylib:x86_64+0x1014)

Address 0x7ffeefbfedc8 is located in stack of thread T0 at offset 616 in frame
    #0 0x1001be1df in test_reference_region trefer.c:507
---
 test/trefer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/trefer.c b/test/trefer.c
index 6b67eb48e45..f35f736dd3a 100644
--- a/test/trefer.c
+++ b/test/trefer.c
@@ -535,7 +535,7 @@ test_reference_region(H5F_libver_t libver_low, H5F_libver_t libver_high)
     hssize_t hssize_ret;    /* hssize_t return value */
     htri_t tri_ret;         /* htri_t return value */
     herr_t ret;             /* Generic return value */
-    haddr_t addr = HADDR_UNDEF;     /* test for undefined reference */
+	haddr_t addr[2] = {HADDR_UNDEF, 0};     /* test for undefined reference */
     hid_t dset_NA;                  /* Dataset id for undefined reference */
     hid_t space_NA;                 /* Dataspace id for undefined reference */
     hsize_t dims_NA[1] = {1};       /* Dims array for undefined reference */