Merge pull request #1441 in HDFFV/hdf5 from ~BMRIBLER/hdf5_bmr_fixbug:develop to develop

* commit '90d13bef33f9e2e80b23996a0c39f16f7c34ecf8':
  Fixed typo Platforms tested:     Darwin (osx1010test)
  Refixed HDFFV-10578 Description:     Applied Neil's fix for this issue after removing previous     attempt.  The resources are now released in init_objs() when     failure occurs there.     Neil will fix HDFFV-10676 separately. Platforms tested:     Linux/64 (jelly)     Linux/64 (platypus)     Darwin (osx1010test)
  Removed previous change in H5O__chunk_deserialize().
  Removed the previous change in H5O__chunk_deserialize()
  Removed previous change in table_list_add().
  Removed the previous change in table_list_add()
  Updated per review Description:     HDFFV-10676 - CVE-2018-13873         Changed the new assert to if statement, per Dana's comment. Platforms tested:     Linux/64 (jelly)
  HDFFV-10578 and HDFFV-10676 Description:     HDFFV-10578 - CVE-2018-17234         The file has some issue, however, there was a bug in h5dump that caused         memory leaks after the problem in the file was encountered. The bug         was that an if statement was missing in the function table_list_add()         resulting in the memory not being freed at a later time.         After the fix had been applied, there were no more leaks after h5dump         detected the issue in the file and reported the error.

1 files changed, 2 insertions, 1 deletions

diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index 23c38b9..578cff0 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1390,7 +1390,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
 
         /* Message size */
         UINT16DECODE(chunk_image, mesg_size);
-        HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size));
+        if(mesg_size != H5O_ALIGN_OH(oh, mesg_size))
+            HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned")
 
         /* Message flags */
         flags = *chunk_image++;