NULL ptr deref in initial_state_start_fun

Bug #1888672 reported by Steve Grubb on 2020-07-23

Bug Description

I spent some time fuzzing this library until I got a crash. The crash is at lib/metalink_pstate.c line 103. This is called by lib/libexpat_metalink_parser.c at line 81. The issue is that if "name" does not have NAMESPACE_SEPARATOR, then split_ns_name leaves ns_uri == NULL. The fix is to check ns_uri != NULL before using it in initial_state_start_fun at lines 103 and 119.
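The failure mode the report describes and the proposed guard, as an added example in C that is not libmetalink's own code: the split helper, the separator character and the element-name comparison are simplified stand-ins for the library's, and the namespace URI is the Metalink v4 one from RFC 5854.

```c
/* Added example, not libmetalink's code. Models the split the report
 * describes (ns_uri left NULL when the separator is absent) and the
 * guarded comparison that the proposed fix adds. */
#include <stddef.h>
#include <string.h>

#define NAMESPACE_SEPARATOR ' '  /* assumption: any single char serves the demo */
#define METALINK_NS "urn:ietf:params:xml:ns:metalink"  /* RFC 5854 namespace */

/* Split "uri<sep>local" in place. With no separator, ns_uri stays NULL and
 * local_name is the whole string: the case the report's fuzzer hit. */
static void split_ns_name(char *name, char **ns_uri, char **local_name)
{
  char *sep = strchr(name, NAMESPACE_SEPARATOR);
  if (sep == NULL) {
    *ns_uri = NULL;
    *local_name = name;
  } else {
    *sep = '\0';
    *ns_uri = name;
    *local_name = sep + 1;
  }
}

/* Defective form: strcmp() on a NULL ns_uri dereferences NULL. */
static int start_fun_unguarded(const char *ns_uri, const char *local_name)
{
  return strcmp(ns_uri, METALINK_NS) == 0 && strcmp(local_name, "metalink") == 0;
}

/* Guarded form: an element without a namespace can never be the metalink
 * root, so reject it before ns_uri is touched. */
static int start_fun_guarded(const char *ns_uri, const char *local_name)
{
  if (ns_uri == NULL) return 0;
  return strcmp(ns_uri, METALINK_NS) == 0 && strcmp(local_name, "metalink") == 0;
}

/* Returns 1 if `name` is the metalink root element under the expected
 * namespace, 0 otherwise. `guarded` selects which check runs. */
int check_root(const char *name, int guarded)
{
  char buf[256];
  char *ns_uri, *local_name;
  if (strlen(name) >= sizeof buf) return 0;
  strcpy(buf, name);
  split_ns_name(buf, &ns_uri, &local_name);
  return guarded ? start_fun_guarded(ns_uri, local_name)
                 : start_fun_unguarded(ns_uri, local_name);
}
```

Calling check_root("metalink", 0) reproduces the crash; the guarded path returns 0 for the same input.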
