
Bug report on libhtp( AddressSanitizer: SEGV) #343

Closed
afosscontact opened this issue Dec 23, 2021 · 7 comments

Comments

@afosscontact

afosscontact commented Dec 23, 2021

Describe the bug
A bug was found within libhtp. Though it might not be an intended use of the relevant API, the bug can still produce critical issues within a program using libhtp. It would be best if the affected logic is checked beforehand.
The bug was found with a fuzzer based on the function "List.Expand1".
This may cause problems in the use of the library.

How To Reproduce

  1. Download the attached file
  2. Execute make_libhtp_bug2.sh
  3. ./test_all --gtest_filter=List.Expand1

==109414==ERROR: AddressSanitizer: SEGV on unknown address 0x7f023ae35468 (pc 0x0000007f2bb6 bp 0x7fff09e0b5f0 sp 0x7fff09e0b5d0 T0)
==109414==The signal is caused by a READ memory access.
#0 0x7f2bb6 in htp_list_array_get libhtp/htp/htp_list.c:106:25
#1 0x741808 in List_Expand1_Test::TestBody() libhtp/test/test_utils.cpp

Platform (please complete the following information):
OS: Ubuntu 18.04

libhtp_bug2.tar.gz
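The trace above shows a read fault inside a list "get" after the List.Expand1 scenario (fill, wrap, expand). The following is an added illustration, not libhtp's code and not the fix from the thread: a hypothetical ring-buffer list (all names are this example's own) whose get routine validates the index against the number of stored elements before computing the wrapped position, and a check routine that replays the fill/shift/expand shape and probes indices inside and just outside the valid range.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical ring-buffer list (names are this example's own, not libhtp's). */
typedef struct {
    void **elements;
    size_t first;        /* index of the oldest element */
    size_t current_size; /* number of stored elements */
    size_t max_size;     /* capacity of elements[] */
} ring_list_t;

ring_list_t *ring_list_create(size_t size) {
    ring_list_t *l = calloc(1, sizeof(*l));
    if (l == NULL) return NULL;
    l->elements = calloc(size, sizeof(void *));
    if (l->elements == NULL) { free(l); return NULL; }
    l->max_size = size;
    return l;
}

/* Grow the backing array, linearising the wrapped contents so that
   first == 0 afterwards. Returns 0 on success, -1 on allocation failure
   (the list is left untouched in that case). */
int ring_list_expand(ring_list_t *l) {
    size_t new_size = l->max_size * 2;
    void **new_elements = calloc(new_size, sizeof(void *));
    if (new_elements == NULL) return -1;
    for (size_t i = 0; i < l->current_size; i++) {
        new_elements[i] = l->elements[(l->first + i) % l->max_size];
    }
    free(l->elements);
    l->elements = new_elements;
    l->first = 0;
    l->max_size = new_size;
    return 0;
}

int ring_list_push(ring_list_t *l, void *e) {
    if (l->current_size >= l->max_size && ring_list_expand(l) != 0) return -1;
    l->elements[(l->first + l->current_size) % l->max_size] = e;
    l->current_size++;
    return 0;
}

void *ring_list_shift(ring_list_t *l) {
    if (l->current_size == 0) return NULL;
    void *e = l->elements[l->first];
    l->first = (l->first + 1) % l->max_size;
    l->current_size--;
    return e;
}

/* Checked random access: the index is validated against the number of
   stored elements before the wrapped position is computed, so an index
   past the end returns NULL instead of reading beyond elements[]. */
void *ring_list_get(const ring_list_t *l, size_t idx) {
    if (l == NULL || idx >= l->current_size) return NULL;
    return l->elements[(l->first + idx) % l->max_size];
}

void ring_list_destroy(ring_list_t *l) {
    if (l == NULL) return;
    free(l->elements);
    free(l);
}

/* Scenario modelled on the List.Expand1 shape: fill, shift so the list
   wraps, push past capacity to force an expand, then probe every index
   inside and just outside the valid range. Returns 1 when all checks hold. */
int check_expand_then_get(void) {
    static int vals[16];                                        /* constructed payloads */
    ring_list_t *l = ring_list_create(4);
    if (l == NULL) return 0;
    int ok = 1;
    for (int i = 0; i < 4; i++) ring_list_push(l, &vals[i]);   /* list is full */
    ring_list_shift(l); ring_list_shift(l);                     /* first == 2 */
    for (int i = 4; i < 8; i++) ring_list_push(l, &vals[i]);   /* wraps, then expands */
    /* expected logical order after expansion: vals[2..7] */
    for (size_t i = 0; i < 6; i++) ok &= (ring_list_get(l, i) == &vals[i + 2]);
    ok &= (ring_list_get(l, 6) == NULL);                        /* one past the end */
    ok &= (ring_list_get(l, (size_t)-1) == NULL);               /* huge index */
    ring_list_destroy(l);
    return ok;
}
```

Run under AddressSanitizer, the probes past the end stay silent because the bound is checked before any element is dereferenced; dropping the `idx >= l->current_size` test is exactly what turns such a probe into the kind of READ fault reported in the trace.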

@attritionorg

@afosscontact assimp?

@afosscontact
Author

afosscontact commented Dec 23, 2021

I am sorry.
The project name was wrong.
I modified it.

@catenacyber
Contributor

Thanks.
The commit to fix this: c1e53f3

How did you find this bug?
Did you try the tool on Suricata itself? Could you?

@catenacyber
Contributor

By the way, side note for myself later, this is a good candidate for a CodeQL query...

@autofuzzoss

Thank you for the fast fix.
This bug was found with a fuzzing technology we are studying.
If you have completed the modification for this bug, I want to issue a CVE ID.
Is it possible to issue a CVE ID?

@autofuzzoss

If possible, I would like it to be issued under the name Autofuzz,
because I am credited under the nickname Autofuzz in CVEs found by this fuzzing technology.

@catenacyber
Contributor

Fixed by #344
