From 0713ba4a719da938dc8facc89fca99cd0aa3069f Mon Sep 17 00:00:00 2001
From: Ar Jun <pkillarjun@protonmail.com>
Date: Sat, 16 Nov 2024 11:50:09 -0600
Subject: [PATCH] Fix possible NULL deref in soup_uri_decode_data_uri

---
 libsoup/soup-uri-utils.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libsoup/soup-uri-utils.c b/libsoup/soup-uri-utils.c
index 4e76b74d..9dab5d65 100644
--- a/libsoup/soup-uri-utils.c
+++ b/libsoup/soup-uri-utils.c
@@ -303,6 +303,8 @@ soup_uri_decode_data_uri (const char *uri,
 
         uri_string = g_uri_to_string (soup_uri);
         g_uri_unref (soup_uri);
+        if (!uri_string)
+                return NULL;
 
         start = uri_string + 5;
         comma = strchr (start, ',');
-- 
From 79cfd65c9bd8024cd45dd725c284766329873709 Mon Sep 17 00:00:00 2001
From: Patrick Griffis <pgriffis@igalia.com>
Date: Fri, 22 Nov 2024 13:39:51 -0600
Subject: [PATCH] soup_uri_decode_data_uri(): Handle URIs with a path starting
 with //

---
 libsoup/soup-uri-utils.c | 8 ++++++++
 tests/uri-parsing-test.c | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/libsoup/soup-uri-utils.c b/libsoup/soup-uri-utils.c
index 9dab5d65..f61e7656 100644
--- a/libsoup/soup-uri-utils.c
+++ b/libsoup/soup-uri-utils.c
@@ -286,6 +286,7 @@ soup_uri_decode_data_uri (const char *uri,
         gboolean base64 = FALSE;
         char *uri_string;
         GBytes *bytes;
+        const char *path;
 
         g_return_val_if_fail (uri != NULL, NULL);
 
@@ -301,6 +302,13 @@ soup_uri_decode_data_uri (const char *uri,
         if (content_type)
                 *content_type = NULL;
 
+        /* g_uri_to_string() is picky about paths that start with `//` and will assert. */
+        path = g_uri_get_path (soup_uri);
+        if (path[0] == '/' && path[1] == '/') {
+                g_uri_unref (soup_uri);
+                return NULL;
+        }
+
         uri_string = g_uri_to_string (soup_uri);
         g_uri_unref (soup_uri);
         if (!uri_string)
diff --git a/tests/uri-parsing-test.c b/tests/uri-parsing-test.c
index 1f16273d..418391eb 100644
--- a/tests/uri-parsing-test.c
+++ b/tests/uri-parsing-test.c
@@ -141,6 +141,8 @@ static struct {
         { "data:text/plain;base64,aGVsbG8=", "hello", "text/plain" },
         { "data:text/plain;base64,invalid=", "", "text/plain" },
         { "data:,", "", CONTENT_TYPE_DEFAULT },
+        { "data:.///", NULL, NULL },
+        { "data:/.//", NULL, NULL },
 };
 
 static void
-- 
2.49.0