HTMLReader
Potential for Null Dereference
Hello,
Our security team has identified potential security concerns in the following files:
HTMLSelector.m:(Line 647)
HTMLNode.m:(Line 167)
Impact: Most null pointer issues result in general software reliability problems, but if an attacker can intentionally trigger a null pointer dereference, the attacker might be able to use the resulting exception to bypass security logic or to cause the application to reveal debugging information that will be valuable in planning subsequent attacks.
Recommendation: Implement careful checks before dereferencing objects that might be null. When possible, abstract null checks into wrappers around code that manipulates resources to ensure that they are applied in all cases and to minimize the places where mistakes can occur.
@spacecoder Thanks for the feedback! Unfortunately I'm having some trouble and I would appreciate your help.
Could you share which version or commit of HTMLReader you were using when you identified these issues?
I'm guessing you were looking at HTMLReader 0.7 (as those line numbers in HTMLReader 0.8 seem unlikely to raise any null dereference dander), in which case I'm afraid I haven't spotted the issue. If my guess is right, can you point out which dereferences you find problematic?