From: Michael R Sweet <msweet@msweet.org>
Date: Tue, 26 Jan 2021 08:02:32 -0500
Subject: CVE-2021-23180

Fix a crash bug with malformed URIs (Issue #418)

Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
Bug: https://github.com/michaelrsweet/htmldoc/issues/418
Bug-Debian: https://bugs.debian.org/989437
---
 htmldoc/file.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/htmldoc/file.c
+++ b/htmldoc/file.c
@@ -303,6 +303,7 @@
 file_extension(const char *s)	/* I - Filename or URL */
 {
   const char	*extension;	/* Pointer to directory separator */
+  char		*bufptr;	/* Pointer into buffer */
   static char	buf[1024];	/* Buffer for files with targets */
 
 
@@ -326,7 +327,8 @@
 
   strlcpy(buf, extension, sizeof(buf));
 
-  *(char *)strchr(buf, '#') = '\0';
+  if ((bufptr = strchr(buf, '#')) != NULL)
+    *bufptr = '\0';
 
   return (buf);
 }