NULL ptr deref in initial_state_start_fun

Bug #1888672 reported by Steve Grubb
This bug affects 1 person
Affects      Status  Importance  Assigned to  Milestone
libmetalink  New     Undecided   Unassigned

Bug Description

I spent some time fuzzing this library until I got a crash. The crash is at lib/metalink_pstate.c line 103. This is called by lib/libexpat_metalink_parser.c at line 81. The issue is that if "name" does not have NAMESPACE_SEPARATOR, then split_ns_name leaves ns_uri == NULL. The fix is to check ns_uri != NULL before using it in initial_state_start_fun at lines 103 and 119.
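
The pattern described in the report, as an added example that is not libmetalink's code: a splitter that leaves ns_uri NULL when the name has no separator, and a start handler check that tests ns_uri before comparing it. All ex_ names, the separator value, the namespace URI and the use of strcmp are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed values for illustration; not taken from libmetalink. */
#define EX_NS_SEPARATOR '\t'
#define EX_METALINK_NS  "urn:example:metalink"

/* Split "uri<SEP>local" in place. With no separator the whole string is
 * the local name and *ns_uri is left NULL, the case the report hits. */
static void ex_split_ns_name(char *name, const char **ns_uri,
                             const char **local_name)
{
    char *sep = strrchr(name, EX_NS_SEPARATOR);
    if (sep == NULL) {
        *ns_uri = NULL;
        *local_name = name;
        return;
    }
    *sep = '\0';
    *ns_uri = name;
    *local_name = sep + 1;
}

/* Guarded check: without the NULL test, strcmp(ns_uri, ...) would
 * dereference NULL for an element name that carries no namespace. */
static int ex_is_root(const char *ns_uri, const char *local_name)
{
    if (ns_uri == NULL)
        return 0; /* un-namespaced element: not the expected root */
    return strcmp(ns_uri, EX_METALINK_NS) == 0 &&
           strcmp(local_name, "metalink") == 0;
}

/* Returns 1 if the qualified name is the expected root element, else 0. */
int ex_classify(const char *qualified)
{
    char buf[128];
    const char *ns_uri, *local_name;
    size_t n = strlen(qualified);
    if (n >= sizeof buf)
        return 0; /* too long for this example's buffer */
    memcpy(buf, qualified, n + 1);
    ex_split_ns_name(buf, &ns_uri, &local_name);
    return ex_is_root(ns_uri, local_name);
}

int main(void)
{
    /* Constructed inputs: namespaced root, then a bare name. */
    printf("%d\n", ex_classify("urn:example:metalink\tmetalink"));
    printf("%d\n", ex_classify("metalink"));
    return 0;
}
```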
