stricaud / faup

Fast URL decoder library
Do What The F*ck You Want To Public License

faup crash at tld-tree.c:295 #106

Open DavidZ2019 opened 4 years ago

DavidZ2019 commented 4 years ago

An application using faup to parse URLs crashed. I put it in gdb, which showed that it crashed at tld-tree.c:295.

Then put a printf in the code after the line `p = tld + tld_len - 1;`:

```c
printf("tld %s tld_len %d p %s\n", tld, tld_len, p);
```

Got the following output when parsing antispyware.giantcompany.microsoft.akadns.net:

```
tld net tld_len 3 p t
tld akadns.net tld_len 10 p t
tld net tld_len 34 p ESC*
```

The third output tld_len is 34, which does not make any sense. And the content in p is garbage.

Please check. Thanks

stricaud commented 4 years ago

Thank you very much!

This is what I have here with the latest git, can you reproduce it when you run the same command line?

I will double check that code and add as much validation as I can.

```
$ faup -o json antispyware.giantcompany.microsoft.akadns.net
{
  "scheme": "",
  "credential": "",
  "subdomain": "antispyware.giantcompany.microsoft",
  "domain": "akadns.net",
  "domain_without_tld": "akadns",
  "host": "antispyware.giantcompany.microsoft.akadns.net",
  "tld": "net",
  "port": "",
  "resource_path": "",
  "query_string": "",
  "fragment": "",
  "url_type": "mozilla_tld"
}
```

doc-diner commented 4 years ago

I've also encountered this exact problem on several longer host names. One such example:

bird.ftoghiabwigig.corp.root.gov.net

Valgrind detects the issue with almost every url parse, but a SEGFAULT is rarer. Confirmed in gdb. Inside the function faup_tld_tree_tld_exists(), variable p ends up pointing to outside of the tld string.
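
An added example, not code from faup or from any commenter in this thread: a bounds check around the `p = tld + tld_len - 1` computation quoted in the report, replayed on the three (tld, tld_len) pairs from the printf output. The names `span_last_byte` and `replay_issue_pairs`, and the offset-based replay, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not part of faup): return a pointer to the last byte
 * of the span [tld, tld + tld_len) only when the whole span lies inside
 * host[0 .. host_len). Return NULL for any pointer/length pair that does not. */
static const char *span_last_byte(const char *host, size_t host_len,
                                  const char *tld, size_t tld_len)
{
    uintptr_t h = (uintptr_t)host, t = (uintptr_t)tld;

    if (host == NULL || tld == NULL || tld_len == 0)
        return NULL;
    if (t < h || t - h > host_len)             /* span starts outside the host */
        return NULL;
    if (tld_len > host_len - (size_t)(t - h))  /* span runs past the host's end */
        return NULL;
    return tld + tld_len - 1;  /* the expression from the report, now bounded */
}

/* Replay the three (tld, tld_len) pairs printed in the report against the
 * reported host. Bit i of the result is set when pair i is accepted. */
static unsigned replay_issue_pairs(void)
{
    static const char host[] = "antispyware.giantcompany.microsoft.akadns.net";
    const size_t host_len = sizeof(host) - 1;
    const struct { size_t off, len; } pairs[] = {
        { host_len - 3,  3  },  /* tld "net",        tld_len 3  */
        { host_len - 10, 10 },  /* tld "akadns.net", tld_len 10 */
        { host_len - 3,  34 },  /* tld "net",        tld_len 34 */
    };
    unsigned accepted = 0;

    for (size_t i = 0; i < sizeof(pairs) / sizeof(pairs[0]); i++) {
        const char *tld = host + pairs[i].off;
        const char *p = span_last_byte(host, host_len, tld, pairs[i].len);
        printf("tld %s tld_len %zu -> %s\n", tld, pairs[i].len,
               p ? "in bounds" : "rejected");
        if (p != NULL)
            accepted |= 1u << i;
    }
    return accepted;
}

int main(void)
{
    return replay_issue_pairs() == 0x3u ? 0 : 1;
}
```

The first two pairs pass and the third is rejected, because a length of 34 starting at the final `net` label would end 31 bytes past the end of the host string.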