NDO: Fix pull pointer write

[Marti2203]

Fixes the following issue detected by OSS-Fuzz:

• https://issues.oss-fuzz.com/issues/386860187

This fix was generated by CodeRover-S, an LLM agent for fixing security vulnerabilities. More details can be found at:

• https://arxiv.org/pdf/2411.03346
• https://github.com/AutoCodeRoverSG/auto-code-rover

[evanmiller]

The C file is automatically generated from src/spss/readstat_sav_parse_mr_name.rl. So this will need to be fixed in the underlying file. CC @slobodan-ilic

[Marti2203]

Hi! Thanks for the response, would you like me to move the changes to the rl file if they are okay?

[evanmiller]

Sounds good; though I would prefer if these functions used readstat_malloc / readstat_realloc found in readstat_malloc.h. You will need Ragel installed to regenerate the C files.

[Marti2203]

Hi @evanmiller , I used Ragel State Machine Compiler version 7.0.4 February 2021 to regenerate the C file. I see there is a merge conflict, do you want me to take care of it?

[evanmiller]

The .rl changes look good. I'm not sure why Ragel is re-tabbing some of the files, but I'm happy to merge in whatever once the merge conflicts are resolved.

[Marti2203]

@evanmiller should be good now, I fixed the merge conflict. I did not touch the C file, only used ragel
ragel src/spss/readstat_sav_parse_mr_name.rl -o src/spss/readstat_sav_parse_mr_name.c from the root dir. Hope that this was the correct invocation :)

[evanmiller]

Thank you!