version: 1.8.1
in file: html-url.c
in function:
tag_handle_meta()
{
... skipped ...
char *p, *refresh = find_attr (tag, "content", &attrind);
int timeout = 0;
for (p = refresh; ISDIGIT (*p); p++)
... skipped ...
}
BUG description:
find_attr() MAY return NULL, but this NOT checked in code listed above,
JUST USING POINTERS WITHOUT NULL CHECKING, do you understand me??? :)
For example:
Wget CRASH when trying grab URL from this MALFORMED BUT POSSIBLE tag:
<meta http-equiv=Refresh>
