config_format: fix possible heap overflow (#7768)

The return value of `strchr` is not checked for failure. If it's failure
then `tmp` will be `0` in the `(tmp-p)` calculation, causing `xlen` to
be `p`. `xlen` is later  used for copying memory by way of `memcpy` in
string creation using `flb_sds_create_len`. This fixes it.

Signed-off-by: David Korczynski <[email protected]>

Author: DavidKorczynski

src/config_format/flb_config_format.c

@@ -420,6 +420,9 @@ struct flb_kv *flb_cf_meta_property_add(struct flb_cf *cf, char *meta, int len)
 
     p = meta;
     tmp = strchr(p, ' ');
+    if (tmp == NULL) {
+        return NULL;
+    }
     xlen = (tmp - p);
 
     /* create k/v pair */