Thanks Alexander, (In reply to Alexander Bergmann from comment #5) > Note this does NOT fix the original problem reported in oss-fuzz/35972 > which reports a "Dynamic-stack-buffer-overflow WRITE 16" issue, > which I've been unable to reproduce. judging just from this information, it seems that CVE-2021-45926 is not fixed upstream. > However, comment 0 was talking about a "stack-based buffer overflow" and > this commit about a "NULL pointer deref". So it's kind of a mess.