CVE-2021-46142: uriNormalizeSyntax* may free stack memory in out-of-memory situation when handling URIs containing empty segments · Issue #122 · uriparser/uriparser

An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax.

A bug was found within the uriparser. Though it might not be an intended use of the relevant API, the bug can still produce critical issues within a program using uriparser. It would be best if the affected logic is checked beforehand.
The bug was found with a fuzzer based on the test code "NormalizeSyntaxExMm".

Crash log:

==3440==ERROR: AddressSanitizer: SEGV on unknown address 0x0000004d9be0 (pc 0x00000041ca94 bp 0x000000000000 sp 0x7ffd2468e6e0 T0)
==3440==The signal is caused by a WRITE memory access.
    #0 0x41ca94 in __asan::Allocator::Deallocate(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType)
    #1 0x493d41 in free 
    #2 0x4c6892 in (anonymous namespace)::countingFree(UriMemoryManagerStruct*, void*) 
    #3 0x7faf2e1ac4b2 in uriNormalizeSyntaxExMmA_ 

Steps to reproduce:

  1. git clone https://github.com/uriparser/uriparser.git
  2. cd uriparser && mkdir build && cd build
  3. Build
    cmake -DCMAKE_BUILD_TYPE=Release -DURIPARSER_BUILD_DOCS:BOOL=OFF -DBUILD_SHARED_LIBS:BOOL=ON …
    make -j8
  4. Download the attached file (2.cpp)
  5. Build TEST CODE (2.cpp)
    clang++ -g -fsanitize=address,fuzzer-no-link -o 2 2.cpp -I uriparser/include/ -I uriparser/ -Luriparser/build -luriparser
  6. Run
    LD_LIBRARY_PATH=uriparser/build/ ./2

OS: Ubuntu 18.04
uriparser_poc2.tar.gz
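
The failure class in the title (an out-of-memory rollback that frees memory the library never allocated), modelled stand-alone as an added example; this is not code from uriparser or from the report. Range, fi_malloc, fi_free, make_owner and sweep are hypothetical names, and the premise that empty ranges are left pointing at caller memory is an assumption of this model, not a statement about uriparser's source.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not uriparser's types: a text range that borrows the
   caller's buffer until make_owner() replaces it with a heap copy. */
typedef struct { const char *first, *afterLast; } Range;

static int allocs_left, bad_frees;      /* fault budget; invalid frees seen */
static void *live[8]; static int nlive; /* blocks currently handed out */
static void *fi_malloc(size_t n) {
    void *p = (allocs_left-- > 0) ? malloc(n) : NULL;
    if (p) live[nlive++] = p;
    return p;
}
static void fi_free(const void *p) {
    for (int i = 0; i < nlive; i++)
        if (live[i] == p) { free(live[i]); live[i] = live[--nlive]; return; }
    bad_frees++;                        /* record it instead of corrupting memory */
}
/* Copy non-empty ranges to the heap; empty ones stay borrowed. On OOM roll
   back ranges 0..i-1: hardened=0 frees all, hardened=1 only non-empty ones. */
static int make_owner(Range *r, int n, int hardened) {
    for (int i = 0; i < n; i++) {
        size_t len = (size_t)(r[i].afterLast - r[i].first);
        if (len == 0) continue;
        char *copy = fi_malloc(len);
        if (!copy) {
            for (int j = 0; j < i; j++)
                if (!hardened || r[j].afterLast > r[j].first) fi_free(r[j].first);
            return -1;
        }
        memcpy(copy, r[i].first, len);
        r[i].first = copy; r[i].afterLast = copy + len;
    }
    return 0;
}

/* Fail the 1st, then the 2nd allocation, then none; count invalid frees. */
static int sweep(int hardened) {
    char buf[] = "hostfrag";            /* constructed input on the stack */
    bad_frees = 0;
    for (int budget = 0; budget <= 2; budget++) {
        Range r[4] = {{buf, buf}, {buf, buf + 4}, {buf + 4, buf + 4}, {buf + 4, buf + 8}};
        allocs_left = budget;
        if (make_owner(r, 4, hardened) == 0) { fi_free(r[1].first); fi_free(r[3].first); }
    }
    return bad_frees;
}
int main(void) { return sweep(1); }     /* exit status 0: no invalid frees */
```

Sweeping the failure point across every allocation is what reaches the rollback path; a single happy-path run never touches it.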
