Fixed GH-2603, heap-buffer-overflow in H5O__linfo_decode (#2697)

* Fixed GH-2603, heap-buffer-overflow in H5O__linfo_decode

Verified with valgrind -v --tool=memcheck --leak-check=full h5dump POV-GH-2603
The several invalid reads shown originally are now gone.

1 files changed, 10 insertions, 2 deletions

diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt
index f64fdd4..2dcb057 100644
--- a/release_docs/RELEASE.txt
+++ b/release_docs/RELEASE.txt
@@ -147,7 +147,7 @@ Support for new platforms, languages and compilers
 ==================================================
     -
     
-Bug Fixes since HDF5-1.13.3 release
+Bug Fixes since HDF5-1.14.0 release
 ===================================
     Library
     -------
@@ -162,6 +162,15 @@ Bug Fixes since HDF5-1.13.3 release
 
       (DER - 2023/04/13 GH-2605)
 
+    - Fixed potential heap buffer overflow in decoding of link info message
+
+      Detections of buffer overflow were added for decoding version, index
+      flags, link creation order value, and the next three addresses.  The
+      checkings will remove the potential invalid read of any of these
+      values that could be triggered by a malformed file.
+
+      (BMR - 2023/04/12 GH-2603)
+
     - Memory leak
 
       Memory leak was detected when running h5dump with "pov".  The memory was allocated
@@ -175,7 +184,6 @@ Bug Fixes since HDF5-1.13.3 release
 
       (VC - 2023/04/11 GH-2599)
 
-
     - Fixed memory leaks that could occur when reading a dataset from a
       malformed file