named-checkconf crashes in parser.c
Found by the AFL fuzzer. The attached tarball contains a number of configuration files, all of which cause named-checkconf (and named, should it be started with one of the configuration files) to crash with the following stack trace:
parser.c:3326: REQUIRE(obj != ((void *)0)) failed, back trace
#0 0x592654 in default_callback()+0x34
#1 0x5925ba in isc_assertion_failed()+0xa
#2 0x44711a in cfg_obj_log()+0x17a
#3 0x43ae19 in check_zoneconf()+0x26d9
#4 0x43c4af in check_viewconf()+0x19f
#5 0x43f283 in bind9_check_namedconf()+0x1013
#6 0x4337a9 in main()+0x359
#7 0x7f97b7921fea in __do_global_dtors_aux_fini_array_entry()+0x7f97b70d2592
#8 0x433aca in _start()+0x2a
Aborted
The issue is reproducible in the current version of master (commit d844959a440c0f91a16acd19e3fc16c97f0d5c6d).(This may well be related to the named-checkconf crash reported in #778 (closed). However, as the assertion is different, it has been reported as a separate issue.)