Fix vuln OSV-2024-381

Author: oss-patch

src/H5Faccum.c

@@ -891,10 +891,22 @@ H5F__accum_free(H5F_shared_t *f_sh, H5FD_mem_t H5_ATTR_UNUSED type, haddr_t addr
                 size_t new_accum_size; /* Size of new accumulator buffer */
 
                 /* Calculate the size of the overlap with the accumulator, etc. */
+                if (H5F_addr_overflow(addr, size)) {
+                    HGOTO_ERROR(H5E_ARGS, H5E_OVERFLOW, FAIL, "address overflow when calculating overlap size");
+                }
                 H5_CHECKED_ASSIGN(overlap_size, size_t, (addr + size) - accum->loc, haddr_t);
                 new_accum_size = accum->size - overlap_size;
 
                 /* Move the accumulator buffer information to eliminate the freed block */
+                if (new_accum_size > accum->alloc_size) {
+                    unsigned char *new_buf = (unsigned char *)H5MM_realloc(accum->buf, new_accum_size);
+                    if (!new_buf) {
+                        /* Handle allocation failure */
+                        HGOTO_ERROR(H5E_RESOURCE, H5E_NOSPACE, FAIL, "memory allocation failed for metadata accumulator buffer");
+                    }
+                    accum->buf = new_buf;
+                    accum->alloc_size = new_accum_size;
+                }
                 HDmemmove(accum->buf, accum->buf + overlap_size, new_accum_size);
 
                 /* Adjust the accumulator information */