Created attachment 1702548
Patch addressing issue

Description of problem:
I spent some time fuzzing this library until I got a crash. The crash is at lib/metalink_pstate.c line 103. This is called by lib/libexpat_metalink_parser.c at line 81. The issue is that if "name" does not have NAMESPACE_SEPARATOR, then split_ns_name leaves ns_uri == NULL. The fix is to check ns_uri != NULL before using it in initial_state_start_fun at lines 103 and 119.

Version-Release number of selected component (if applicable):
libmetalink-0.1.3-11

Additional info:
Reported upstream: https://bugs.launchpad.net/libmetalink/+bug/1888672
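The failure mode described in this report, as an added C sketch that is not libmetalink's code or the attached patch. The names `split_name` and `is_metalink_root`, the tab separator value, and the string comparison against the Metalink namespace URI are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SEP '\t'   /* assumed value; the report names NAMESPACE_SEPARATOR only */
#define METALINK_NS "urn:ietf:params:xml:ns:metalink"

/* Hypothetical stand-in for split_ns_name: splits "uri<SEP>local" in place.
 * With no separator present, *ns_uri stays NULL, as the report describes. */
static void split_name(char *qname, const char **ns_uri, const char **local)
{
    char *sep = strchr(qname, SEP);
    *ns_uri = NULL;
    *local = qname;
    if (sep != NULL) {
        *sep = '\0';
        *ns_uri = qname;
        *local = sep + 1;
    }
}

/* Returns 1 only for a <metalink> element in the expected namespace. */
int is_metalink_root(const char *qname)
{
    char buf[256];
    const char *ns_uri, *local;

    if (qname == NULL || strlen(qname) >= sizeof buf)
        return 0;
    strcpy(buf, qname);
    split_name(buf, &ns_uri, &local);
    /* The guard from the report: without it, the strcmp below would
     * dereference NULL for any element name that has no namespace. */
    if (ns_uri == NULL)
        return 0;
    return strcmp(ns_uri, METALINK_NS) == 0 && strcmp(local, "metalink") == 0;
}

int main(void)
{
    /* Constructed inputs: a namespaced name and a bare one. */
    printf("%d\n", is_metalink_root(METALINK_NS "\tmetalink"));
    printf("%d\n", is_metalink_root("metalink"));
    return 0;
}
```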
Thanks a lot! I have applied the patch and just submitted a new build.
FEDORA-2020-c3ca827d31 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-c3ca827d31
FEDORA-2020-2a9b45c1f5 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-2a9b45c1f5
FEDORA-2020-2a9b45c1f5 has been pushed to the Fedora 31 testing repository. In a short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-2a9b45c1f5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-2a9b45c1f5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-c3ca827d31 has been pushed to the Fedora 32 testing repository. In a short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-c3ca827d31` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-c3ca827d31 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-c3ca827d31 has been pushed to the Fedora 32 stable repository. If the problem still persists, please make note of it in this bug report.
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle. Changing version to 33.
FEDORA-2020-2a9b45c1f5 has been pushed to the Fedora 31 stable repository. If the problem still persists, please make note of it in this bug report.