h5repack crashes with double free when using --low

[Nievesjyl]

Describe the bug
Running h5repack with the --low compression option on a crafted HDF5 file causes the tool to abort due to a double free detected by the GNU C Library allocator.
The program terminates with:
free(): double free detected in tcache 2
SIGABRT

Steps to Reproduce:
The PoC attachment contains the input file that triggers the crash:

PoC.zip

COMMAND LINE: ./h5repack --low 2 -v 2 Double_Free out.h5

Expected behavior
h5repack should handle malformed input gracefully and exit with an error message, rather than aborting due to a double free.

Platform (please complete the following information)

• HDF5 version:
  Git develop branch
  commit: 441d83a
• OS and version:
  Ubuntu 18.04.6 LTS
• Compiler and version:
  clang 14.0.6 (used via hfuzz-clang wrapper)
• Build system (e.g. CMake version) and generator (e.g. XCode, Ninja):
  Build system: CMake 3.30.0
  Generator: default Unix Makefiles (via cmake -S . -B build)
• Any configure options you specified:
  -DHDF5_BUILD_TOOLS=ON -DHDF5_BUILD_EXAMPLES=OFF -DHDF5_BUILD_TESTING=OFF -
  DHDF5_BUILD_HL_LIB=ON -DBUILD_SHARED_LIBS=OFF -DBUILD_STATIC_LIBS=ON -
  DCMAKE_BUILD_TYPE=RelWithDebInfo, compiler flags include -g -O2 -fsanitize-coverage=trace-pc-guard -
  finstrument-functions.
• MPI library and version (parallel HDF5):
  Parallel HDF5 not enabled; no MPI library used.

Additional context

GDB output excerpt:
group /
free(): double free detected in tcache 2

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6e367f1 in __GI_abort () at abort.c:79
#2 0x00007ffff6e7f837 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff6faca7b "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff6e868ba in malloc_printerr (str=str@entry=0x7ffff6fae6e8 "free(): double free detected in tcache 2") at malloc.c:5342
#4 0x00007ffff6e8e0ed in _int_free (have_lock=0, p=0xa877fe0, av=0x7ffff71e1c40 <main_arena>) at malloc.c:4195
#5 __GI___libc_free (mem=0xa877ff0) at malloc.c:3134
#6 0x00000000006c30ba in H5MM_xfree (mem=0xa877ff0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5MM.c:201
#7 H5MM_xfree_const (mem=0xa877ff0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5MM.c:224
#8 0x0000000000575d53 in H5E__clear_entries (nentries=, estack=) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Eint.c:1810
#9 H5E_clear_stack () at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Eint.c:1852
#10 0x0000000000631c2f in H5Gclose (group_id=group_id@entry=144115188075855874) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5G.c:868
#11 0x000000000043fded in do_copy_objects (fidin=fidin@entry=72057594037927936, fidout=fidout@entry=72057594037927937, travt=, options=options@entry=0xa809360)
at /root/DriveSched/benchmarks/hdf5/hdf5/tools/src/h5repack/h5repack_copy.c:1482
#12 0x0000000000437abf in copy_objects (
fnamein=fnamein@entry=0x7fffffffe517 "/tmp/73_low_2_v_2/SIGABRT.PC.7ffff6e34e87.STACK.e2e133389.CODE.-6.ADDR.0.INSTR.mov____0x108(%rsp),%rcx.fuzz",
fnameout=fnameout@entry=0x7fffffffe583 "out.h5", options=options@entry=0xa809360) at /root/DriveSched/benchmarks/hdf5/hdf5/tools/src/h5repack/h5repack_copy.c:326
#13 0x000000000045d111 in h5repack (infile=0x7fffffffe517 "/tmp/73_low_2_v_2/SIGABRT.PC.7ffff6e34e87.STACK.e2e133389.CODE.-6.ADDR.0.INSTR.mov____0x108(%rsp),%rcx.fuzz",
outfile=0x7fffffffe583 "out.h5", options=options@entry=0xa809360) at /root/DriveSched/benchmarks/hdf5/hdf5/tools/src/h5repack/h5repack.c:53
#14 0x0000000000463ade in main (argc=, argv=) at /root/DriveSched/benchmarks/hdf5/hdf5/tools/src/h5repack/h5repack_main.c:1037
(gdb)