From ff0839d9225a593b2b656afa57d49e47698c6c53 Mon Sep 17 00:00:00 2001
From: bmribler <39579120+bmribler@users.noreply.github.com>
Date: Mon, 23 Sep 2024 08:25:18 -0400
Subject: [PATCH] Fixes a segfault in h5dump (#4862)

* Fixes a segfault in h5dump

The B-tree node level was corrupted, resulting in a segfault later. This PR adds a check to detect when the node level is greater than the number of entries and issue an error instead.

Fixes GH-4432
---
 src/H5Bcache.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/H5Bcache.c b/src/H5Bcache.c
index 007912053e9..0b1010ba832 100644
--- a/src/H5Bcache.c
+++ b/src/H5Bcache.c
@@ -179,6 +179,12 @@ H5B__cache_deserialize(const void *_image, size_t len, void *_udata, bool H5_ATT
 if (bt->nchildren > shared->two_k)
 HGOTO_ERROR(H5E_BTREE, H5E_BADVALUE, NULL, "number of children is greater than maximum");
 
+ /* Check in case of level is corrupted, it is unreasonable for level to be
+ larger than the number of entries */
+ if (bt->level > bt->nchildren)
+ HGOTO_ERROR(H5E_BTREE, H5E_BADVALUE, NULL,
+ "level cannot be greater than the number of children, possibly corrupted");
+
 /* Sibling pointers */
 if (H5_IS_BUFFER_OVERFLOW(image, H5F_sizeof_addr(udata->f), p_end))
 HGOTO_ERROR(H5E_BTREE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
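Review bot: The added guard `if (bt->level > bt->nchildren)` compares two fields that have no visible structural relationship, so it is a heuristic rather than a validity check. If `level` is the node's height in the tree (presumably 0 at the leaves), a root that has just split holds only two children whatever its height, so a well-formed file with a tall tree could be rejected here. In the other direction, a corrupted `level` that happens to be no larger than `nchildren` still passes and reaches the code that faulted. A bound that does not depend on this node's fan-out would be tighter, for example `if (bt->level > MAX_LEVEL_PLACEHOLDER)` (placeholder name, not an existing constant) or a comparison against the level the parent expects, if the udata can carry it. Whichever bound is chosen, the comment should state the invariant relied on, e.g. `/* level is decoded from the file image and is untrusted; reject values no valid tree can have */`. The body of H5B__cache_deserialize starts and ends outside this hunk, so how `level` is consumed later is not visible here.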