CVE-2023-29469: NULL dereference in xmlDictComputeFastKey with empty dict strings
CVE-2023-29469 is a vulnerability in libxml2's dictionary hashing function xmlDictComputeFastKey. When processing empty or non-null-terminated strings with namelen <= 0, the function fails to detect and handle this condition, leading to reading from invalid memory locations or potential NULL dereferences.
The vulnerable code checks only if the name pointer is NULL, but does not validate that namelen is positive. When namelen is 0 or negative and name is not NULL, the function proceeds to dereference name[0] without verifying the string has valid content. This can occur when parsing specially crafted XML documents that cause xmlParseStartTag2 to pass empty attribute names to the dictionary lookup functions.
The hash table handling flaw allows attackers to trigger logic errors including double-frees, memory corruption, or denial of service through inconsistent hash computation.
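The missing length check and its effect on hash consistency, as an added example: this is a simplified model written for this page, not libxml2's source. The function names, the seed value and the two sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

typedef unsigned long (*key_fn)(const unsigned char *, int, unsigned long);

/* Hypothetical model of the flawed check: only the pointer is validated,
 * so name[0] is read even when the caller says the name has no bytes. */
static unsigned long fast_key_weak(const unsigned char *name, int namelen,
                                   unsigned long seed) {
    unsigned long value = seed;
    int i;
    if (name == NULL) return 0;
    value += name[0];                 /* byte outside the declared length */
    value <<= 5;
    for (i = 1; i < namelen && i < 10; i++)
        value += name[i];
    return value;
}

/* Hardened form: reject namelen <= 0 before touching the buffer, so every
 * empty name maps to the same key regardless of what follows it in memory. */
static unsigned long fast_key_checked(const unsigned char *name, int namelen,
                                      unsigned long seed) {
    unsigned long value = seed;
    int i;
    if (name == NULL || namelen <= 0) return value;
    value += name[0];
    value <<= 5;
    for (i = 1; i < namelen && i < 10; i++)
        value += name[i];
    return value;
}

/* Constructed input: two zero-length names that point into larger buffers,
 * the way a parser hands out slices of its input. Returns 1 when both empty
 * names get the same key, 0 when the key depends on the byte after them. */
static int empty_keys_agree(key_fn fn) {
    static const unsigned char doc1[] = "a=";
    static const unsigned char doc2[] = "b=";
    return fn(doc1, 0, 7UL) == fn(doc2, 0, 7UL);
}

int main(void) {
    printf("weak:    empty names agree = %d\n", empty_keys_agree(fast_key_weak));
    printf("checked: empty names agree = %d\n", empty_keys_agree(fast_key_checked));
    return 0;
}
```

A dictionary that stores an empty string under one key and later looks it up under another treats the same string as two entries, which is the kind of inconsistency the description above ties to the logic and memory errors.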