From 820d8e34c5845f85690a4d65ca31b21fdcfd23cf Mon Sep 17 00:00:00 2001
From: Binh-Minh Ribler
Date: Sun, 6 Jan 2019 21:42:16 -0600
Subject: Updated per review Description: HDFFV-10676 - CVE-2018-13873 Changed the new assert to if statement, per Dana's comment. Platforms tested: Linux/64 (jelly)
---
 src/H5Ocache.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/H5Ocache.c b/src/H5Ocache.c
index 034048f..34277d1 100644
--- a/src/H5Ocache.c
+++ b/src/H5Ocache.c
@@ -1404,7 +1404,8 @@ H5O__chunk_deserialize(H5O_t *oh, haddr_t addr, size_t len, const uint8_t *image
 if((flags & H5O_MSG_FLAG_WAS_UNKNOWN) && !(flags & H5O_MSG_FLAG_MARK_IF_UNKNOWN)) HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "bad flag combination for message")
- HDassert(id < NELMTS(H5O_msg_class_g));
+ if(id >= NELMTS(H5O_msg_class_g))
+ HGOTO_ERROR(H5E_OHDR, H5E_CANTLOAD, FAIL, "invalid type of current message")
 if((flags & H5O_MSG_FLAG_SHAREABLE) && H5O_msg_class_g[id] && !(H5O_msg_class_g[id]->share_flags & H5O_SHARE_IS_SHARABLE))
--
cgit v0.12
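Review bot: The new `if(id >= NELMTS(H5O_msg_class_g))` guard makes every out-of-range message id a load failure, while the condition right after it still tolerates an in-range id whose `H5O_msg_class_g[id]` entry is NULL, so two kinds of unrecognised message are treated differently at this point. If the rest of H5O__chunk_deserialize (it starts and ends outside this hunk) is meant to carry unrecognised messages forward as unknown ones, as the H5O_MSG_FLAG_WAS_UNKNOWN / H5O_MSG_FLAG_MARK_IF_UNKNOWN checks above suggest, it may be safer to bound only the table lookup, e.g. `&& id < NELMTS(H5O_msg_class_g) && H5O_msg_class_g[id]` inside the shareable test, and leave rejection to that later handling. Whichever behaviour is intended, a comment such as `/* id appears to be decoded from the file image; never index H5O_msg_class_g without a range check */` would record why this is a runtime check and not an assert. The diffstat shows only src/H5Ocache.c changing, so a regression test that loads a header with an out-of-range id is worth adding alongside.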