[22843]+[22844] Solve fuzz XMLParser Null-dereference (backport #5668) #5683

Merged
juanjo4936 merged 1 commit into 3.1.x from mergify/bp/3.1.x/pr-5668
Mar 6, 2025

Conversation

@mergify mergify bot commented Mar 5, 2025

Description

This PR solves two Null-dereference issues from the XMLParser found in oss-fuzz. Added a regression test, and fixed by adding an error message preventing an empty map from being built.

@Mergifyio backport 3.1.x 2.14.x 2.10.x

Contributor Checklist

  • Commit messages follow the project guidelines.
  • The code follows the style guidelines of this project.
  • Tests that thoroughly check the new feature have been added/Regression tests checking the bug and its fix have been added; the added tests pass locally.
  • N/A Any new/modified methods have been properly documented using Doxygen.
  • N/A Any new configuration API has an equivalent XML API (with the corresponding XSD extension).
  • Changes are backport compatible: they do NOT break ABI nor change library core behavior.
  • Changes are API compatible.
  • N/A New feature has been added to the versions.md file (if applicable).
  • N/A New feature has been documented/Current behavior is correctly described in the documentation.
  • Applicable backports have been included in the description.

Reviewer Checklist

  • The PR has a milestone assigned.
  • The title and description correctly express the PR's purpose.
  • Check contributor checklist is correct.
  • If this is a critical bug fix, backports to the critical-only supported branches have been requested.
  • Check CI results: changes do not issue any warning.
  • Check CI results: failing tests are unrelated to the changes.

This is an automatic backport of pull request #5668 done by [Mergify](https://mergify.com).

* Refs 22843+22844: Regression test

Signed-off-by: Juanjo Garcia <juanjosegarcia@eprosima.com>

* Refs 22843+22844: Fix

Signed-off-by: Juanjo Garcia <juanjosegarcia@eprosima.com>

---------

Signed-off-by: Juanjo Garcia <juanjosegarcia@eprosima.com>
(cherry picked from commit dc26c40)
@juanjo4936 juanjo4936 added this to the v3.1.3 milestone Mar 5, 2025
@juanjo4936 juanjo4936 requested a review from richiprosima March 5, 2025 07:34
@github-actions github-actions bot added the ci-pending PR which CI is running label Mar 5, 2025
@juanjo4936 juanjo4936 merged commit 735a643 into 3.1.x Mar 6, 2025
17 checks passed
@juanjo4936 juanjo4936 deleted the mergify/bp/3.1.x/pr-5668 branch March 6, 2025 14:05