diff --git a/0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch b/0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch
deleted file mode 100644
index daa5fa7..0000000
--- a/0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -urp libmetalink-0.1.3.orig/lib/metalink_pstate.c libmetalink-0.1.3/lib/metalink_pstate.c
---- libmetalink-0.1.3.orig/lib/metalink_pstate.c 2012-08-12 04:43:53.000000000 -0400
-+++ libmetalink-0.1.3/lib/metalink_pstate.c 2020-07-22 17:03:21.205852103 -0400
-@@ -100,7 +100,7 @@ void initial_state_start_fun(metalink_ps
- const char** attrs)
- {
- if(strcmp("metalink", name) == 0) {
-- if (strcmp(METALINK_V3_NS_URI, ns_uri) == 0) {
-+ if (ns_uri && strcmp(METALINK_V3_NS_URI, ns_uri) == 0) {
- const char* type;
- const char* origin;
- metalink_pctrl_set_version(stm->ctrl, METALINK_VERSION_3);
-@@ -116,7 +116,7 @@ void initial_state_start_fun(metalink_ps
-
- metalink_pstm_enter_metalink_state(stm);
- }
-- else if (strcmp(METALINK_V4_NS_URI, ns_uri) == 0) {
-+ else if (ns_uri && strcmp(METALINK_V4_NS_URI, ns_uri) == 0) {
- metalink_pctrl_set_version(stm->ctrl, METALINK_VERSION_4);
- metalink_pstm_enter_metalink_state_v4(stm);
- } else {
diff --git a/0004-fix-NULL-ptr-deref-in-initial_state_start_fun.patch b/0004-fix-NULL-ptr-deref-in-initial_state_start_fun.patch
new file mode 100644
index 0000000..df3ce7c
--- /dev/null
+++ b/0004-fix-NULL-ptr-deref-in-initial_state_start_fun.patch
@@ -0,0 +1,35 @@
+From 5d419fa4d4144c63a2b8458ab1871167a44bf490 Mon Sep 17 00:00:00 2001
+From: Bin Hu
+Date: Sat, 26 Mar 2022 14:19:50 +0800
+Subject: [PATCH 4/6] fix NULL pointer dereference in initial_state_start_fun
+
+Signed-off-by: Bin Hu
+---
+ lib/metalink_pstate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/metalink_pstate.c b/lib/metalink_pstate.c
+index 0a32461..3078338 100644
+--- a/lib/metalink_pstate.c
++++ b/lib/metalink_pstate.c
+@@ -100,7 +100,7 @@ void initial_state_start_fun(metalink_pstm_t* stm,
+ const char** attrs)
+ {
+ if(strcmp("metalink", name) == 0) {
+- if (strcmp(METALINK_V3_NS_URI, ns_uri) == 0) {
++ if (ns_uri && strcmp(METALINK_V3_NS_URI, ns_uri) == 0) {
+ const char* type;
+ const char* origin;
+ metalink_pctrl_set_version(stm->ctrl, METALINK_VERSION_3);
+@@ -116,7 +116,7 @@ void initial_state_start_fun(metalink_pstm_t* stm,
+
+ metalink_pstm_enter_metalink_state(stm);
+ }
+- else if (strcmp(METALINK_V4_NS_URI, ns_uri) == 0) {
++ else if (ns_uri && strcmp(METALINK_V4_NS_URI, ns_uri) == 0) {
+ metalink_pctrl_set_version(stm->ctrl, METALINK_VERSION_4);
+ metalink_pstm_enter_metalink_state_v4(stm);
+ } else {
+--
+2.28.0.windows.1
+
diff --git a/0005-fix-return-value-of-parsing-wrong-formed-metalink-fi.patch b/0005-fix-return-value-of-parsing-wrong-formed-metalink-fi.patch
new file mode 100644
index 0000000..93dba5c
--- /dev/null
+++ b/0005-fix-return-value-of-parsing-wrong-formed-metalink-fi.patch
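Review bot: The two `ns_uri &&` guards added to `initial_state_start_fun` in 0004-fix-NULL-ptr-deref stop the crash, but nothing records when `ns_uri` is NULL or that such a document is meant to fall through to the final `else` branch. A comment above the first test, for example `/* ns_uri may be NULL (presumably a root element with no namespace); treat it as an unknown version */`, would make that explicit; the no-namespace reading is inferred from the fix, not shown in the hunk. `name` is still passed unguarded to `strcmp("metalink", name)` one line up, so it is worth confirming the caller can never hand in NULL there. The function body starts and ends outside the hunk, and no test feeding a namespace-less `<metalink>` root is added alongside the fix.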
@@ -0,0 +1,37 @@
+From 868a2b79547a879d00ae9a0c2a6c46a2b6184226 Mon Sep 17 00:00:00 2001
+From: Bin Hu
+Date: Sat, 26 Mar 2022 14:27:22 +0800
+Subject: [PATCH 5/6] fix return value of parsing wrong formed metalink file
+
+Signed-off-by: Bin Hu
+---
+ lib/libexpat_metalink_parser.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletions(-)
+
+diff --git a/lib/libexpat_metalink_parser.c b/lib/libexpat_metalink_parser.c
+index 79b091c..11a8eee 100644
+--- a/lib/libexpat_metalink_parser.c
++++ b/lib/libexpat_metalink_parser.c
+@@ -149,6 +149,7 @@ metalink_parse_fp(FILE* docfp, metalink_t** res)
+ metalink_error_t r = 0,
+ retval;
+ XML_Parser parser;
++ int isFinal = 0;
+
+ session_data = metalink_session_data_new();
+
+@@ -172,7 +173,10 @@ metalink_parse_fp(FILE* docfp, metalink_t** res)
+ assert(0);
+ }
+ }
+- if(!XML_ParseBuffer(parser, num_read, 0)) {
++ if(feof(docfp)) {
++ isFinal = 1;
++ }
++ if(!XML_ParseBuffer(parser, num_read, isFinal)) {
+ r = METALINK_ERR_PARSER_ERROR;
+ break;
+ }
+--
+2.28.0.windows.1
+
diff --git a/0006-return-error-code-when-metalink-file-misses-required.patch b/0006-return-error-code-when-metalink-file-misses-required.patch
new file mode 100644
index 0000000..2348a6b
--- /dev/null
+++ b/0006-return-error-code-when-metalink-file-misses-required.patch
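Review bot: The final-chunk flag passed to `XML_ParseBuffer` in `metalink_parse_fp` (0005) is derived from `feof(docfp)` inside the read loop, so the code after the loop needs checking. If it still makes its own final `XML_ParseBuffer(parser, 0, 1)` call, the parser is finalised twice and a well-formed document could then be reported as an error; the loop condition and its tail are outside the hunk. The three added lines can be written as `isFinal = feof(docfp) != 0;`, and a comment such as `/* mark the last chunk so expat rejects truncated or unterminated documents */` would record why the flag matters. The context also shows the read-failure path ending in `assert(0)`, which compiles away under NDEBUG, so it is worth confirming that a failed read cannot reach this call with a stale buffer.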
@@ -0,0 +1,59 @@
+From b1135f7e81ddb1889399800037891cf0df58f443 Mon Sep 17 00:00:00 2001
+From: Bin Hu
+Date: Sat, 26 Mar 2022 14:38:52 +0800
+Subject: [PATCH 6/6] return error code when metalink file misses required file
+ attributes
+
+Signed-off-by: Bin Hu
+---
+ lib/metalink_pstate.c | 2 +-
+ lib/metalink_pstate_v3.c | 4 ++++
+ lib/metalink_pstate_v4.c | 4 ++++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/lib/metalink_pstate.c b/lib/metalink_pstate.c
+index 3078338..49f48ba 100644
+--- a/lib/metalink_pstate.c
++++ b/lib/metalink_pstate.c
+@@ -121,7 +121,7 @@ void initial_state_start_fun(metalink_pstm_t* stm,
+ metalink_pstm_enter_metalink_state_v4(stm);
+ } else {
+ metalink_pctrl_set_version(stm->ctrl, METALINK_VERSION_UNKNOWN);
+- metalink_pstm_enter_skip_state(stm);
++ error_handler(stm, METALINK_ERR_NAMESPACE_ERROR);
+ }
+ } else {
+ metalink_pstm_enter_skip_state(stm);
+diff --git a/lib/metalink_pstate_v3.c b/lib/metalink_pstate_v3.c
+index 7a3c25a..129a54d 100644
+--- a/lib/metalink_pstate_v3.c
++++ b/lib/metalink_pstate_v3.c
+@@ -53,6 +53,10 @@ void metalink_state_end_fun_v3(metalink_pstm_t* stm,
+ const char* name, const char* ns_uri,
+ const char* characters)
+ {
++ if(!stm->ctrl->metalink->files || !(*stm->ctrl->metalink->files)) {
++ error_handler(stm, METALINK_ERR_MISSING_REQUIRED_ATTR);
++ return;
++ }
+ metalink_pstm_enter_fin_state(stm);
+ }
+
+diff --git a/lib/metalink_pstate_v4.c b/lib/metalink_pstate_v4.c
+index f096d97..36d8a09 100644
+--- a/lib/metalink_pstate_v4.c
++++ b/lib/metalink_pstate_v4.c
+@@ -163,6 +163,10 @@ void metalink_state_end_fun_v4(metalink_pstm_t* stm,
+ error_handler(stm, r);
+ return;
+ }
++ if(!stm->ctrl->metalink->files || !(*stm->ctrl->metalink->files)) {
++ error_handler(stm, METALINK_ERR_MISSING_REQUIRED_ATTR);
++ return;
++ }
+ metalink_pstm_enter_fin_state(stm);
+ }
+
+--
+2.28.0.windows.1
+
diff --git a/libmetalink.spec b/libmetalink.spec
index 2a6b7ff..a5eba23 100644
--- a/libmetalink.spec
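Review bot: The emptiness test added to `metalink_state_end_fun_v3` and `metalink_state_end_fun_v4` (0006) reads `stm->ctrl->metalink->files` without first checking `stm->ctrl->metalink`, and the same three lines are copied into both files. If `metalink` can be unset when the closing element is reached (not visible in these hunks), the check meant to reject a malformed document would itself dereference NULL; extending the condition with `!stm->ctrl->metalink ||` and moving it into one shared helper would keep the v3 and v4 paths in step. A comment such as `/* a document with no file entries is rejected */` would explain why `METALINK_ERR_MISSING_REQUIRED_ATTR` is the code chosen. In `initial_state_start_fun`, replacing the skip state with `error_handler(stm, METALINK_ERR_NAMESPACE_ERROR)` turns an unknown or absent namespace into a hard failure, which is worth stating in the changelog because callers that previously got an empty result will now get an error.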
+++ b/libmetalink.spec @@ -1,6 +1,6 @@ Name: libmetalink Version: 0.1.3 -Release: 11 +Release: 12 Summary: Metalink library written in C License: MIT URL: https://launchpad.net/libmetalink @@ -11,7 +11,9 @@ BuildRequires: gcc expat-devel libxml2-devel CUnit-devel autoconf automake libto Patch001:0001-fix-warning-_BSD_SOURCE-and-_SVID_SOURCE-are-depreca.patch Patch002:0002-add-libmetalink-testcases-for-api-and-error-handling.patch Patch003:0003-backport-fix-covscan-issues.patch -Patch004:0004-backport-fix-NULL-ptr-deref-in-initial_state_start_fun.patch +Patch004:0004-fix-NULL-ptr-deref-in-initial_state_start_fun.patch +Patch005:0005-fix-return-value-of-parsing-wrong-formed-metalink-fi.patch +Patch006:0006-return-error-code-when-metalink-file-misses-required.patch %description libmetalink is a Metalink library written in C language. It is intended to @@ -66,7 +68,13 @@ make check %{_mandir}/man3/* %changelog -* Fri Mar 23 2022 Hu Bin - 0.1.3-11 +* Sat Mar 26 2022 Hu Bin - 0.1.3-12 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix return value bug when parsing wrong formed metalink file + +* Wed Mar 23 2022 Hu Bin - 0.1.3-11 - Type:bugfix - ID:NA - SUG:NA