Merge pull request #1441 in HDFFV/hdf5 from ~BMRIBLER/hdf5_bmr_fixbug:develop to develop

* commit '90d13bef33f9e2e80b23996a0c39f16f7c34ecf8':
  Fixed typo Platforms tested:     Darwin (osx1010test)
  Refixed HDFFV-10578 Description:     Applied Neil's fix for this issue after removing previous     attempt.  The resources are now released in init_objs() when     failure occurs there.     Neil will fix HDFFV-10676 separately. Platforms tested:     Linux/64 (jelly)     Linux/64 (platypus)     Darwin (osx1010test)
  Removed previous change in H5O__chunk_deserialize().
  Removed the previous change in H5O__chunk_deserialize()
  Removed previous change in table_list_add().
  Removed the previous change in table_list_add()
  Updated per review Description:     HDFFV-10676 - CVE-2018-13873         Changed the new assert to if statement, per Dana's comment. Platforms tested:     Linux/64 (jelly)
  HDFFV-10578 and HDFFV-10676 Description:     HDFFV-10578 - CVE-2018-17234         The file has some issue, however, there was a bug in h5dump that caused         memory leaks after the problem in the file was encountered. The bug         was that an if statement was missing in the function table_list_add()         resulting in the memory not being freed at a later time.         After the fix had been applied, there were no more leaks after h5dump         detected the issue in the file and reported the error.

3 files changed, 19 insertions, 3 deletions

diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index 23c38b9..578cff0 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1390,7 +1390,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
 
         /* Message size */
         UINT16DECODE(chunk_image, mesg_size);
-        HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size));
+        if(mesg_size != H5O_ALIGN_OH(oh, mesg_size))
+            HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned")
 
         /* Message flags */
         flags = *chunk_image++;
diff --git a/src/H5VM.c b/src/H5VM.c
index 4c0b837..452d378 100644
--- a/src/H5VM.c
+++ b/src/H5VM.c
@@ -1548,7 +1548,7 @@ done:
  *
  * Purpose:	Given source and destination buffers in memory (SRC & DST)
  *              copy sequences of from the source buffer into the destination
- *              buffer.  Each set of sequnces has an array of lengths, an
+ *              buffer.  Each set of sequences has an array of lengths, an
  *              array of offsets, the maximum number of sequences and the
  *              current sequence to start at in the sequence.
  *
diff --git a/tools/lib/h5tools_utils.c b/tools/lib/h5tools_utils.c
index 8ac0d32..e7e017f 100644
--- a/tools/lib/h5tools_utils.c
+++ b/tools/lib/h5tools_utils.c
@@ -561,6 +561,8 @@ herr_t
 init_objs(hid_t fid, find_objs_t *info, table_t **group_table,
     table_t **dset_table, table_t **type_table)
 {
+    herr_t ret_value = SUCCEED;
+
     /* Initialize the tables */
     init_table(group_table);
     init_table(dset_table);
@@ -573,7 +575,20 @@ init_objs(hid_t fid, find_objs_t *info, table_t **group_table,
     info->dset_table = *dset_table;
 
     /* Find all shared objects */
-    return(h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info, H5O_INFO_BASIC));
+    if((ret_value = h5trav_visit(fid, "/", TRUE, TRUE, find_objs_cb, NULL, info, H5O_INFO_BASIC)) < 0)
+        HGOTO_ERROR(FAIL, H5E_tools_min_id_g, "finding shared objects failed")
+
+done:
+    /* Release resources */
+    if(ret_value < 0) {
+        free_table(*group_table);
+        info->group_table = NULL;
+        free_table(*type_table);
+        info->type_table = NULL;
+        free_table(*dset_table);
+        info->dset_table = NULL;
+    }
+    return ret_value;
 }