NULL ptr deref in initial_state_start_fun

Bug #1888672 reported by Steve Grubb
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

I spent some time fuzzing this library until I got a crash. The crash is at
lib/metalink_pstate.c line 103. This is called by lib/libexpat_metalink_parser.c at line 81. The issue is that if "name" does not have NAMESPACE_SEPARATOR, then split_ns_name leaves ns_uri == NULL. The fix is to check ns_uri != NULL before using it in initial_state_start_fun at lines 103 and 119.

Revision history for this message
Steve Grubb (sgrubb) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.