Description
During recent fuzzing of the iniparser library via libFuzzer, I've discovered that iniparser can run into a segfault when parsing malformed configuration files.
As far as I can see, this is a local denial of service problem for some programs if attackers are able to provide or modify configuration files (and know which boolean configuration keys are fetched).
The following code position leads to the crash:
Line 557 in f858275
    if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') {
Sanitizer crash info:
iniparser.c:561:9: runtime error: load of null pointer of type 'const char'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
iniparser.c:561:9 in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==18912==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000055bd8c bp 0x7ffe80f4c070 sp 0x7ffe80f4bf80 T0)
==18912==The signal is caused by a READ memory access.
==18912==Hint: address points to the zero page.
The custom fuzzer harness is structured similarly to the iniexample.c example code. The relevant call after loading the target configuration tries to load the p:h key:
iniparser_getboolean(ini, "p:h", -1);
The following configuration file will lead to problems for the boolean fetch mentioned above:
[P:h]
Note: p:h was chosen arbitrarily as a shorter version of the pizza:ham key in the code example and has no special significance beyond that.
I've reported this finding privately to @ndevilla and @touilleMan.
@ndevilla has responded quickly and asked me to create a public issue report for it here.
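The following is an added example, not code from iniparser or from the reporter. It is a minimal INI loader and boolean getter in the shape the report describes, written to show how a file containing only `[P:h]` makes a lookup of `p:h` return a NULL value rather than the "key absent" sentinel, and why a getter that checks only the sentinel then dereferences NULL at `c[0]`. It assumes, as the UBSan "load of null pointer" output suggests, that a bare section header is stored as a lowercased key with no value. All names here (`load`, `getstring`, `getboolean_unsafe`, `getboolean_safe`, `INVALID_KEY`, the `struct ini` table) are hypothetical, and the sample files are constructed inline.

```c
/* Added example, not iniparser's own code. Hypothetical names throughout. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 32
#define INVALID_KEY ((const char *)-1)   /* assumed "key absent" sentinel */

struct entry { char key[64]; char val[64]; int has_val; };
struct ini   { struct entry e[MAX_ENTRIES]; size_t n; };

static void lowercase(char *s) { for (; *s; s++) *s = (char)tolower((unsigned char)*s); }

static void trim(char *s) {
    char *start = s;
    while (*start && isspace((unsigned char)*start)) start++;
    size_t len = strlen(start);
    while (len && isspace((unsigned char)start[len - 1])) len--;
    memmove(s, start, len);
    s[len] = 0;
}

/* Store an entry; val == NULL models the valueless entry a section header gets. */
static void put(struct ini *d, const char *key, const char *val) {
    if (d->n >= MAX_ENTRIES) return;
    struct entry *e = &d->e[d->n++];
    snprintf(e->key, sizeof e->key, "%s", key);
    lowercase(e->key);
    if (val) { snprintf(e->val, sizeof e->val, "%s", val); e->has_val = 1; }
    else     { e->val[0] = 0; e->has_val = 0; }
}

/* Parse "[section]" and "key = value" lines from an in-memory buffer. */
static void load(struct ini *d, const char *text) {
    char section[64] = "";
    char line[256];
    d->n = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, text, len);
        line[len] = 0;
        text += len;
        if (*text == '\n') text++;
        trim(line);
        if (line[0] == 0 || line[0] == '#' || line[0] == ';') continue;
        if (line[0] == '[') {                      /* section header */
            char *end = strchr(line, ']');
            if (!end) continue;
            *end = 0;
            snprintf(section, sizeof section, "%s", line + 1);
            trim(section);
            lowercase(section);
            put(d, section, NULL);                 /* key with NO value */
        } else {                                   /* key = value */
            char *eq = strchr(line, '=');
            if (!eq) continue;
            *eq = 0;
            char *k = line, *v = eq + 1;
            trim(k); trim(v);
            char full[128];
            snprintf(full, sizeof full, "%s:%s", section, k);
            put(d, full, v);
        }
    }
}

/* Returns the value, NULL for a valueless (section) entry, INVALID_KEY if absent. */
static const char *getstring(const struct ini *d, const char *key) {
    char k[64];
    snprintf(k, sizeof k, "%s", key);
    lowercase(k);
    for (size_t i = 0; i < d->n; i++)
        if (strcmp(d->e[i].key, k) == 0)
            return d->e[i].has_val ? d->e[i].val : NULL;
    return INVALID_KEY;
}

static int parse_bool(const char *c, int notfound) {
    if (c[0]=='y' || c[0]=='Y' || c[0]=='1' || c[0]=='t' || c[0]=='T') return 1;
    if (c[0]=='n' || c[0]=='N' || c[0]=='0' || c[0]=='f' || c[0]=='F') return 0;
    return notfound;
}

/* Vulnerable shape: only the sentinel is checked, so a NULL value reaches c[0]. */
static int getboolean_unsafe(const struct ini *d, const char *key, int notfound) {
    const char *c = getstring(d, key);
    if (c == INVALID_KEY) return notfound;
    return parse_bool(c, notfound);                /* crashes when c == NULL */
}

/* Hardened shape: a NULL value is treated exactly like an absent key. */
static int getboolean_safe(const struct ini *d, const char *key, int notfound) {
    const char *c = getstring(d, key);
    if (c == INVALID_KEY || c == NULL) return notfound;
    return parse_bool(c, notfound);
}

int main(void) {
    struct ini d;
    load(&d, "[P:h]\n");                           /* constructed: the reported input */
    printf("p:h stored value: %s\n", getstring(&d, "p:h") == NULL ? "NULL" : "set");
    printf("safe getboolean(p:h): %d\n", getboolean_safe(&d, "p:h", -1));
    load(&d, "[Pizza]\nHam = yes\nCheese = 0\n");  /* constructed: a well-formed file */
    printf("pizza:ham -> %d, pizza:cheese -> %d\n",
           getboolean_safe(&d, "pizza:ham", -1), getboolean_safe(&d, "pizza:cheese", -1));
    return 0;
}
```

Running `getboolean_unsafe(&d, "p:h", -1)` on the first file reproduces the NULL dereference; the `getstring` result being NULL rather than `INVALID_KEY` is the condition a harness can test for without crashing. The same NULL check belongs in any other typed getter built on top of the string lookup.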