h5repack aborts with heap corruption when using -S NONE

[Nievesjyl]

Describe the bug
Running h5repack with -S NONE on a crafted HDF5 input file causes the tool to abort due to heap corruption, detected by the GNU C Library allocator.

Steps to Reproduce:
The PoC attachment contains the input file that triggers the crash:

PoC.zip

COMMAND LINE: ./h5repack -S NONE Heap_Corruption_2 out.h5

Expected behavior
h5repack should handle malformed input gracefully and either reject the file or exit cleanly with an error message, rather than aborting due to heap corruption.

Platform (please complete the following information)

• HDF5 version:
  Git develop branch
  commit: 441d83a
• OS and version:
  Ubuntu 18.04.6 LTS
• Compiler and version:
  clang 14.0.6 (used via hfuzz-clang wrapper)
• Build system (e.g. CMake version) and generator (e.g. XCode, Ninja):
  Build system: CMake 3.30.0
  Generator: default Unix Makefiles (via cmake -S . -B build)
• Any configure options you specified:
  -DHDF5_BUILD_TOOLS=ON -DHDF5_BUILD_EXAMPLES=OFF -DHDF5_BUILD_TESTING=OFF -
  DHDF5_BUILD_HL_LIB=ON -DBUILD_SHARED_LIBS=OFF -DBUILD_STATIC_LIBS=ON -
  DCMAKE_BUILD_TYPE=RelWithDebInfo, compiler flags include -g -O2 -fsanitize-coverage=trace-pc-guard -
  finstrument-functions.
• MPI library and version (parallel HDF5):
  Parallel HDF5 not enabled; no MPI library used.

Additional context
GDB output excerpt:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
malloc_consolidate(): invalid chunk size

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff6e367f1 in __GI_abort () at abort.c:79
#2 0x00007ffff6e7f837 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff6faca7b "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff6e868ba in malloc_printerr (str=str@entry=0x7ffff6fae2d8 "malloc_consolidate(): invalid chunk size") at malloc.c:5342
#4 0x00007ffff6e86b5e in malloc_consolidate (av=av@entry=0x7ffff71e1c40 <main_arena>) at malloc.c:4471
#5 0x00007ffff6e8a848 in _int_malloc (av=av@entry=0x7ffff71e1c40 <main_arena>, bytes=bytes@entry=2096) at malloc.c:3713
#6 0x00007ffff6e8d0ac in __GI___libc_malloc (bytes=2096) at malloc.c:3067
#7 0x00000000004e8d9f in H5C__flush_single_entry (f=f@entry=0xa86e470, entry_ptr=entry_ptr@entry=0xa877570, flags=flags@entry=16384)
at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Centry.c:540
#8 0x000000000050422a in H5C__flush_ring (f=0x2, f@entry=0xa86e470, ring=ring@entry=1, flags=flags@entry=0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Cint.c:1748
#9 0x00000000004e4531 in H5C_flush_cache (f=f@entry=0xa86e470, flags=flags@entry=0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5C.c:710
#10 0x00000000004bbfb8 in H5AC_flush (f=f@entry=0xa86e470) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5AC.c:645
#11 0x00000000005a6742 in H5F__flush_phase2 (f=f@entry=0xa86e470, closing=true) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Fint.c:2346
#12 0x00000000005a52e2 in H5F__dest (f=f@entry=0xa86e470, flush=24, free_on_failure=20) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Fint.c:1441
#13 0x00000000005a759f in H5F_try_close (f=f@entry=0xa86e470, was_closed=was_closed@entry=0x0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Fint.c:2685
#14 0x00000000005a6c0b in H5F__close (f=f@entry=0xa86e470) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Fint.c:2487
#15 0x0000000000a4a5f0 in H5VL__native_file_close (file=file@entry=0xa86e470, dxpl_id=, req=)
at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5VLnative_file.c:777
#16 0x0000000000a1cfc5 in H5VL__file_close (obj=0xa86e470, cls=0xa869d70, dxpl_id=140737488343168, req=0x0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5VLcallback.c:4326
#17 H5VL_file_close (vol_obj=vol_obj@entry=0xa8731b0, dxpl_id=140737488343168, req=req@entry=0x0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5VLcallback.c:4360
#18 0x00000000005ac330 in H5F__close_cb (file_vol_obj=file_vol_obj@entry=0xa8731b0, request=request@entry=0x0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Fint.c:249
#19 0x000000000069af84 in H5I__dec_ref (id=72057594037927937, request=0x0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Iint.c:1076
#20 H5I__dec_app_ref (id=72057594037927937, request=0x0) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Iint.c:1156
#21 H5I_dec_app_ref (id=id@entry=72057594037927937) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5Iint.c:1201
#22 0x0000000000591a46 in H5Fclose (file_id=file_id@entry=72057594037927937) at /root/DriveSched/benchmarks/hdf5/hdf5/src/H5F.c:1040
#23 0x00000000004361d8 in copy_objects (
fnamein=fnamein@entry=0x7fffffffe510 "/tmp/cbh_tmp/559_S_NONE/SIGABRT.PC.7ffff6e34e87.STACK.19cfba42a6.CODE.-6.ADDR.0.INSTR.mov____0x108(%rsp),%rcx.fuzz",
fnameout=fnameout@entry=0x7fffffffe583 "out.h5", options=options@entry=0xa809360) at /root/DriveSched/benchmarks/hdf5/hdf5/tools/src/h5repack/h5repack_copy.c:390
#24 0x000000000045d111 in h5repack (infile=0x7fffffffe510 "/tmp/cbh_tmp/559_S_NONE/SIGABRT.PC.7ffff6e34e87.STACK.19cfba42a6.CODE.-6.ADDR.0.INSTR.mov____0x108(%rsp),%rcx.fuzz",
outfile=0x7fffffffe583 "out.h5", options=options@entry=0xa809360) at /root/DriveSched/benchmarks/hdf5/hdf5/tools/src/h5repack/h5repack.c:53
#25 0x0000000000463ade in main (argc=, argv=) at /root/DriveSched/benchmarks/hdf5/hdf5/tools/src/h5repack/h5repack_main.c:1037
(gdb)