Segmentation Fault in example_xlsxio_read.c with AddressSanitizer #136

@shuangxiangkan

Description:

I'm encountering a segmentation fault when running example_xlsxio_read.c with AddressSanitizer enabled. The issue occurs during the execution of the strcasecmp function, suggesting a potential null pointer dereference or invalid memory access.

Steps to Reproduce:

  1. Build the project with AddressSanitizer:

    mkdir build && cd build
    cmake .. -DWITH_LIBZIP=1 -DCMAKE_C_FLAGS="-fsanitize=address" -DCMAKE_CXX_FLAGS="-fsanitize=address"
    make

  2. Execute the example:

    ./example_xlsxio_read /Path-to-PoC/PoC

Environment:

  • xlsxio version: 0.2.36
  • Operating System: Ubuntu 22.04.5 LTS
  • Compiler: clang-14

Additional Information:

  • The issue can be consistently reproduced with the provided PoC file:
    PoC.zip

Backtrace:

XLSX I/O library version 0.2.36
Available sheets:
 - Sheet
Contents of first sheet:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3300203==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x559c300026a0 bp 0x7ffe2d974940 sp 0x7ffe2d9740f0 T0)
==3300203==The signal is caused by a READ memory access.
==3300203==Hint: address points to the zero page.
    #0 0x559c300026a0 in strcasecmp (/home/kansx/Papers/Libraries/xlsxio/build-clang/example_xlsxio_read+0x356a0) (BuildId: bb0ea98164e884121ea9accac0f52cc334aba904)
    #1 0x7f64c319fc94 in main_sheet_get_sheetfile_expat_callback_element_start (libxlsxio_read.so+0x7c94) (BuildId: 676fc1c4f6b216356e4d6b2ad65d7432fa76a8a2)
    #2 0x7f64c30d5843  (/lib/x86_64-linux-gnu/libexpat.so.1+0xd843) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #3 0x7f64c30d3ecd  (/lib/x86_64-linux-gnu/libexpat.so.1+0xbecd) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #4 0x7f64c30d4dbb  (/lib/x86_64-linux-gnu/libexpat.so.1+0xcdbb) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #5 0x7f64c30cc4e7  (/lib/x86_64-linux-gnu/libexpat.so.1+0x44e7) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #6 0x7f64c30d8f96 in XML_ParseBuffer (/lib/x86_64-linux-gnu/libexpat.so.1+0x10f96) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #7 0x7f64c319dab9 in expat_process_zip_file (libxlsxio_read.so+0x5ab9) (BuildId: 676fc1c4f6b216356e4d6b2ad65d7432fa76a8a2)
    #8 0x7f64c31a02b7 in main_sheet_get_sheetfile_callback (libxlsxio_read.so+0x82b7) (BuildId: 676fc1c4f6b216356e4d6b2ad65d7432fa76a8a2)
    #9 0x7f64c319eecb in iterate_files_by_contenttype_expat_callback_element_start (libxlsxio_read.so+0x6ecb) (BuildId: 676fc1c4f6b216356e4d6b2ad65d7432fa76a8a2)
    #10 0x7f64c30d55eb  (/lib/x86_64-linux-gnu/libexpat.so.1+0xd5eb) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #11 0x7f64c30d693d  (/lib/x86_64-linux-gnu/libexpat.so.1+0xe93d) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #12 0x7f64c30cc4e7  (/lib/x86_64-linux-gnu/libexpat.so.1+0x44e7) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #13 0x7f64c30d8f96 in XML_ParseBuffer (/lib/x86_64-linux-gnu/libexpat.so.1+0x10f96) (BuildId: e16bd88eff9c79f864766208d4e3de9e8dac1e2f)
    #14 0x7f64c319dab9 in expat_process_zip_file (libxlsxio_read.so+0x5ab9) (BuildId: 676fc1c4f6b216356e4d6b2ad65d7432fa76a8a2)
    #15 0x7f64c319f3e4 in iterate_files_by_contenttype (libxlsxio_read.so+0x73e4) (BuildId: 676fc1c4f6b216356e4d6b2ad65d7432fa76a8a2)
    #16 0x7f64c31a427c in xlsxioread_process (libxlsxio_read.so+0xc27c) (BuildId: 676fc1c4f6b216356e4d6b2ad65d7432fa76a8a2)
    #17 0x7f64c31a5742 in xlsxioread_sheet_open (libxlsxio_read.so+0xd742) (BuildId: 676fc1c4f6b216356e4d6b2ad65d7432fa76a8a2)
    #18 0x559c300a911e in main (/home/kansx/Papers/Libraries/xlsxio/build-clang/example_xlsxio_read+0xdc11e) (BuildId: bb0ea98164e884121ea9accac0f52cc334aba904)
    #19 0x7f64c2dbfd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #20 0x7f64c2dbfe3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #21 0x559c2ffeb3c4 in _start (/home/kansx/Papers/Libraries/xlsxio/build-clang/example_xlsxio_read+0x1e3c4) (BuildId: bb0ea98164e884121ea9accac0f52cc334aba904)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/home/kansx/Papers/Libraries/xlsxio/build-clang/example_xlsxio_read+0x356a0) (BuildId: bb0ea98164e884121ea9accac0f52cc334aba904) in strcasecmp
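
Added example, not part of the issue and not xlsxio's own code: the failure class the backtrace points to (frame #0 `strcasecmp` called from an expat element-start callback, reading address 0), shown beside a NULL-checked form. It assumes the callback looks up an attribute in expat's NULL-terminated name/value array and compares the result directly; `attr_by_name`, `rel_matches_unchecked`, `rel_matches` and the sample attributes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* expat passes the start-element callback a NULL-terminated array laid out
   as name, value, name, value, ... Hypothetical helper: return the value
   stored for `name`, or NULL when the element does not carry it. */
const char *attr_by_name(const char **atts, const char *name)
{
    if (atts == NULL)
        return NULL;
    for (; atts[0] != NULL && atts[1] != NULL; atts += 2)
        if (strcasecmp(atts[0], name) == 0)
            return atts[1];
    return NULL;
}

/* Unchecked pattern (shown for contrast, never called here): when the
   attribute is absent, strcasecmp() receives NULL and reads address 0,
   which is the SEGV signature in the report above. */
int rel_matches_unchecked(const char **atts, const char *wanted_id)
{
    return strcasecmp(attr_by_name(atts, "Id"), wanted_id) == 0;
}

/* Checked pattern: a missing attribute or a missing reference id is
   treated as "no match" instead of being dereferenced. */
int rel_matches(const char **atts, const char *wanted_id)
{
    const char *id = attr_by_name(atts, "Id");
    return id != NULL && wanted_id != NULL && strcasecmp(id, wanted_id) == 0;
}

int main(void)
{
    /* Constructed inputs: one element with the attribute, one without. */
    const char *ok[] = { "Id", "rId1", "Target", "worksheets/sheet1.xml", NULL };
    const char *no_id[] = { "Target", "worksheets/sheet1.xml", NULL };

    printf("attribute present: %d\n", rel_matches(ok, "rId1"));
    printf("attribute missing: %d\n", rel_matches(no_id, "rId1"));
    printf("reference is NULL: %d\n", rel_matches(ok, NULL));
    return 0;
}
```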
