GNOME Bugzilla – Bug 743070
avoid NULL dereference
Last modified: 2019-02-22 09:29:27 UTC
Created attachment 294728 [details] [review]
Patch fixing the problem.

In gssdp-0.14.11, tools/gssdp-device-sniffer.c:resource_available_cb splits a string into tokens, and then splits the second token again, if it exists:

    usn_tokens = g_strsplit (usn, "::", -1);
    g_assert (usn_tokens != NULL && usn_tokens[0] != NULL);
    uuid = usn_tokens[0] + 5; /* skip the prefix 'uuid:' */
    if (usn_tokens[1]) {
        char **urn_tokens;

        urn_tokens = g_strsplit (usn_tokens[1], ":device:", -1);
        if (urn_tokens[1])
            device_type = g_strdup (urn_tokens[1]);
        g_strfreev (urn_tokens);
    }

However, it does not check whether the second token (usn_tokens[1]) has length zero, in which case g_strsplit would return an empty vector (i.e., NULL) according to https://developer.gnome.org/glib/stable/glib-String-Utility-Functions.html#g-strsplit, which makes urn_tokens[1] dereference NULL. Just checking the length of usn_tokens[1] before entering this case solves the problem; see the attached patch.
Review of attachment 294728 [details] [review]: +1
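The following is an added, stand-alone example and not code from gssdp or from the attachment on this bug. It emulates the relevant part of g_strsplit with a small split_dup() helper (the documented special case is reproduced: splitting the empty string yields an empty vector, i.e. a vector whose element 0 is already the NULL terminator, so element 1 lies outside the allocation), and shows the sniffer's USN handling in its hardened form. The `*usn_tokens[1] != '\0'` test is the length check the patch adds; the `uuid:` prefix check before `+ 5` is an extra assumption of this example, not something the patch does. The sample USN strings are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy a string into a fresh heap buffer (strdup is POSIX, not ISO C). */
static char *dup_str(const char *s, size_t len)
{
    char *out = malloc(len + 1);
    if (!out) return NULL;
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

static void free_vec(char **vec)
{
    if (!vec) return;
    for (char **p = vec; *p; p++) free(*p);
    free(vec);
}

/* Minimal stand-in for g_strsplit(s, delim, -1): returns a heap-allocated,
 * NULL-terminated vector of heap-allocated tokens. Consecutive or trailing
 * delimiters produce empty tokens, and the empty input string produces an
 * empty vector (only the NULL terminator), matching the documented behaviour. */
static char **split_dup(const char *s, const char *delim)
{
    size_t dlen = strlen(delim), cap = 8, n = 0;
    char **vec = malloc(cap * sizeof *vec);
    if (!vec) return NULL;

    if (*s != '\0') {
        const char *p = s;
        for (;;) {
            const char *q = strstr(p, delim);
            size_t len = q ? (size_t)(q - p) : strlen(p);
            if (n + 2 > cap) {
                char **tmp = realloc(vec, (cap *= 2) * sizeof *vec);
                if (!tmp) { vec[n] = NULL; free_vec(vec); return NULL; }
                vec = tmp;
            }
            vec[n] = dup_str(p, len);
            if (!vec[n]) { free_vec(vec); return NULL; }
            n++;
            if (!q) break;
            p = q + dlen;
        }
    }
    vec[n] = NULL;
    return vec;
}

/* Number of tokens g_strsplit-style splitting yields for the second USN token.
 * For "" this is 0: element 1 of that vector is not inside the allocation,
 * which is why the unpatched sniffer must not index it. */
static size_t urn_token_count(const char *second_usn_token)
{
    char **v = split_dup(second_usn_token, ":device:");
    size_t n = 0;
    if (v) while (v[n]) n++;
    free_vec(v);
    return n;
}

/* Hardened USN parsing. Returns 1 and fills *uuid_out (and *device_type_out,
 * which stays NULL when no ":device:" part is present) on success, 0 on
 * malformed input. Caller frees both strings. */
static int parse_usn(const char *usn, char **uuid_out, char **device_type_out)
{
    *uuid_out = NULL;
    *device_type_out = NULL;

    char **usn_tokens = split_dup(usn, "::");
    if (!usn_tokens || !usn_tokens[0]) { free_vec(usn_tokens); return 0; }

    /* Assumption beyond the patch: confirm the 'uuid:' prefix before skipping it. */
    if (strncmp(usn_tokens[0], "uuid:", 5) != 0) { free_vec(usn_tokens); return 0; }
    *uuid_out = dup_str(usn_tokens[0] + 5, strlen(usn_tokens[0] + 5));

    /* The patch's check: only split a second token that is actually non-empty,
     * so the resulting vector has at least one element and index 1 is in bounds. */
    if (usn_tokens[1] && *usn_tokens[1] != '\0') {
        char **urn_tokens = split_dup(usn_tokens[1], ":device:");
        if (urn_tokens && urn_tokens[0] && urn_tokens[1])
            *device_type_out = dup_str(urn_tokens[1], strlen(urn_tokens[1]));
        free_vec(urn_tokens);
    }
    free_vec(usn_tokens);
    return 1;
}

int main(void)
{
    /* Constructed samples; the second one has an empty token after "::". */
    const char *samples[] = {
        "uuid:1234::urn:schemas-upnp-org:device:MediaServer:1",
        "uuid:1234::",
        "uuid:1234",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *uuid, *dt;
        int ok = parse_usn(samples[i], &uuid, &dt);
        printf("%-55s ok=%d uuid=%s device_type=%s\n", samples[i], ok,
               uuid ? uuid : "(null)", dt ? dt : "(null)");
        free(uuid);
        free(dt);
    }
    return 0;
}
```

With the length check in place, a USN ending in "::" yields the uuid and no device type instead of indexing past the end of an empty vector; the prefix check additionally keeps `uuid` from pointing beyond a first token shorter than five characters.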