H5Dread_chunk() currently has the signature: herr_t H5Dread_chunk(hid_t dset_id, hid_t dxpl_id, const hsize_t *offset, uint32_t *filters, void *buf);

This is potentially not memory safe because hte caller does not specify the size of buf. This is especialy problematic because the fitler can potentially increase the size of the chunk, meaning the only way for a caller to definitely know how big buf needs to be is to call H5Dget_chunk_info() first. We should add a size parameter to H5Dread_chunk(), which the caller initializes with the size of buf, and on exit contains the size of the filtered chunk (the needed size of buf). If the buffer is not big enough to read the entire chunk, the contents of buf are unchanged. This would allow the caller to pass a buffer they think is big enough without creating memory (and potentially security) errors if they're wrong and without needed to call H5Dget_Chunk_info() every time, which adds overhead and thereby partially defeats the purpose of the direct chunk I/O interface.