HDFFV-10578 and HDFFV-10676

Description:
    HDFFV-10578 - CVE-2018-17234
        The file has some issue, however, there was a bug in h5dump that caused
        memory leaks after the problem in the file was encountered. The bug
        was that an if statement was missing in the function table_list_add()
        resulting in the memory not being freed at a later time.
        After the fix had been applied, there were no more leaks after h5dump
        detected the issue in the file and reported the error.

        In H5O__chunk_deserialize, replaced an assert with an if statement
        and reporting error, per Neil's recommendation

    HDFFV-10676 - CVE-2018-13873
        Also in H5O__chunk_deserialize, added an assertion to detect
        out of bound ids

1 files changed, 4 insertions, 1 deletions

diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index fba4f6e..034048f 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1390,7 +1390,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
 
         /* Message size */
         UINT16DECODE(chunk_image, mesg_size);
-        HDassert(mesg_size == H5O_ALIGN_OH(oh, mesg_size));
+        if(mesg_size != H5O_ALIGN_OH(oh, mesg_size))
+            HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "message not aligned")
 
         /* Message flags */
         flags = *chunk_image++;
@@ -1402,6 +1403,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
             HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
         if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN))
             HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
+
+        HDassert(id < NELMTS(H5O_msg_class_g));
         if((flags & H5O_MSG_FLAG_SHAREABLE)
                 && H5O_msg_class_g[id]
                 && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE))