Segmentation fault in xlnt::path::parent() #593

Open
apach301 opened this issue Nov 29, 2021 · 0 comments

apach301 commented Nov 29, 2021

Hi,
I was playing with libFuzzer and found a crash when opening an xlsx file with the xlnt::workbook::load function.

Segmentation fault occurs when loading the crash-8cb0fe2091dafe71d9c420162852e4d3da1b3d22.txt file. You can use Docker and the fuzz targets from oss-sydr-fuzz to reproduce the error:

/load_fuzzer crash-8cb0fe2091dafe71d9c420162852e4d3da1b3d22.txt

Sanitizer output:

=================================================================
==32039==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffffffffffe0 (pc 0x7fef150145c4 bp 0x7ffe2fc80e40 sp 0x7ffe2fc80de8 T0)
==32039==The signal is caused by a READ memory access.
    #0 0x7fef150145c4 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() (/lib/x86_64-linux-gnu/libstdc++.so.6+0x1435c4)
    #1 0x75d942 in void __gnu_cxx::new_allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >::destroy<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/ext/new_allocator.h:153:10
    #2 0x75ba36 in void std::allocator_traits<std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::destroy<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/alloc_traits.h:497:8
    #3 0xecbf3f in std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::pop_back() /usr/bin/../lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:1226:2
    #4 0x101a424 in xlnt::path::parent() const /xlnt/source/utils/path.cpp:185:16
    #5 0xa5ac68 in xlnt::detail::xlsx_consumer::read_relationships(xlnt::path const&) /xlnt/source/detail/serialization/xlsx_consumer.cpp:1432:38
    #6 0x9f8815 in xlnt::detail::xlsx_consumer::populate_workbook(bool) /xlnt/source/detail/serialization/xlsx_consumer.cpp:1639:37
    #7 0x9f67b2 in xlnt::detail::xlsx_consumer::read(std::istream&) /xlnt/source/detail/serialization/xlsx_consumer.cpp:401:5
    #8 0x546bac in xlnt::workbook::load(std::istream&) /xlnt/source/workbook/workbook.cpp:894:18
    #9 0x56df87 in xlnt::workbook::load(std::vector<unsigned char, std::allocator<unsigned char> > const&) /xlnt/source/workbook/workbook.cpp:919:5
    #10 0x514da2 in LLVMFuzzerTestOneInput /xlnt/build/../load_fuzzer.cc:9:23
    #11 0x441d41 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #12 0x42c35c in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
    #13 0x4320cb in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
    #14 0x45ae12 in main /llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #15 0x7fef14b660b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #16 0x426c7d in _start (/load_fuzzer+0x426c7d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libstdc++.so.6+0x1435c4) in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string()
==32039==ABORTING

@tfussell tfussell added the bug label Jan 9, 2022
@tfussell tfussell added this to the v1.6 milestone Aug 13, 2022
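The trace above ends in std::vector<std::string>::pop_back() called from xlnt::path::parent(), and the faulting address 0xffffffffffffffe0 is a null end() pointer minus one 32-byte libstdc++ std::string, i.e. pop_back() on an empty component vector. As an added example (not xlnt's code; the split/join helpers and function names are assumptions), here is a minimal parent() showing that pattern beside a guarded version:

```cpp
// Added example, not xlnt's implementation: split_components, join_components,
// parent_unchecked and parent_checked are assumed names for illustration.
#include <optional>
#include <string>
#include <vector>

// Split a path into non-empty components ("xl//a.xml" -> {"xl", "a.xml"}).
static std::vector<std::string> split_components(const std::string &p)
{
    std::vector<std::string> parts;
    std::string cur;
    for (char c : p)
    {
        if (c != '/' && c != '\\') { cur += c; continue; }
        if (!cur.empty()) parts.push_back(cur);
        cur.clear();
    }
    if (!cur.empty()) parts.push_back(cur);
    return parts;
}

// Re-join components with '/'; an empty component list yields "".
static std::string join_components(const std::vector<std::string> &parts)
{
    std::string out;
    for (size_t i = 0; i < parts.size(); ++i)
        out += (i ? "/" : "") + parts[i];
    return out;
}

// The pattern behind the trace: pop_back() on an empty vector is undefined
// behaviour. libstdc++ destroys *(end() - 1); for an empty vector end() is a
// null pointer, so ~basic_string runs on 0 - sizeof(std::string) (32 bytes on
// x86_64) = 0xffffffffffffffe0, the address ASan reported above.
// Only safe to call when the input has at least one component.
static std::string parent_unchecked(const std::string &p)
{
    auto parts = split_components(p);
    parts.pop_back(); // UB when parts is empty
    return join_components(parts);
}

// Guarded version: a path with no components ("" or "/") has no parent, so
// report that instead of popping from an empty vector. Callers such as a
// relationships reader can then reject the malformed target.
static std::optional<std::string> parent_checked(const std::string &p)
{
    auto parts = split_components(p);
    if (parts.empty()) return std::nullopt;
    parts.pop_back();
    return join_components(parts);
}
```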