diff --git a/backport-libsepol-cil-fix-NULL-pointer-dereference-in-cil_fil.patch b/backport-libsepol-cil-fix-NULL-pointer-dereference-in-cil_fil.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7d8a1e215971438cec8e7a514148154a30ba46d1
--- /dev/null
+++ b/backport-libsepol-cil-fix-NULL-pointer-dereference-in-cil_fil.patch
@@ -0,0 +1,33 @@
+From 6238e025714b18db41354629dd40e70e27b7c37e Mon Sep 17 00:00:00 2001
+From: lutianxiong
+Date: Thu, 25 Feb 2021 18:40:02 +0800
+Subject: [PATCH] libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
+
+Found a NULL pointer dereference by fuzzing, reproducing:
+ $ echo "(nodecon(())o(e()))" > tmp.cil
+ $ secilc tmp.cil
+ Segmentation fault (core dumped)
+
+Add NULL check for addr_node->data in cil_fill_ipaddr.
+
+Signed-off-by: lutianxiong
+---
+ libsepol/cil/src/cil_build_ast.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
+index 726f46cd..4e53f06a 100644
+--- a/libsepol/cil/src/cil_build_ast.c
++++ b/libsepol/cil/src/cil_build_ast.c
+@@ -5660,7 +5660,7 @@ int cil_fill_ipaddr(struct cil_tree_node *addr_node, struct cil_ipaddr *addr)
+ {
+ int rc = SEPOL_ERR;
+
+- if (addr_node == NULL || addr == NULL) {
++ if (addr_node == NULL || addr_node->data == NULL || addr == NULL) {
+ goto exit;
+ }
+
+--
+2.27.0
+
diff --git a/libsepol.spec b/libsepol.spec
index e02a3fbbab6e7abbd73552034fc129ef3766bb85..6966a7bc46d086eef59b67ce7d69187acec115a3 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -1,11 +1,13 @@
 Name: libsepol
 Version: 3.1
-Release: 1
+Release: 2
 Summary: SELinux binary policy manipulation library
 License: LGPLv2+
 URL: https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/libsepol-3.1.tar.gz
+Patch1: backport-libsepol-cil-fix-NULL-pointer-dereference-in-cil_fil.patch
+
 BuildRequires: gcc flex
 %description
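Review bot: The added `addr_node->data == NULL` test in the backported cil_fill_ipaddr fix carries no comment on when a node has no data, and the reproducer from the commit message is not kept as a regression input anywhere in this change. Going by that reproducer, an empty list in the address position appears to be the trigger, so a comment above the condition such as `/* an empty "()" parses to a node whose data is NULL; reject it here */` would record the reason. The body of cil_fill_ipaddr continues outside the hunk, so how `addr_node->data` is used afterwards is inferred from the crash report rather than visible here. It is also worth checking whether sibling fill helpers in cil_build_ast.c read `->data` without an equivalent check.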
@@ -26,7 +28,7 @@ Header files and libraries for %{name}
 %package_help
 %prep
-%autosetup -n %{name}-%{version} -p1
+%autosetup -n %{name}-%{version} -p2
 %build
 make clean
@@ -67,6 +69,9 @@ exit 0
 %{_mandir}/man3/*
 %changelog
+* Thu Mar 4 2021 Lirui - 3.1-2
+- fix NULL pointer dereference in cil_fill_ipaddr
+
 * Fri Jul 17 2020 openEuler Buildteam - 3.1-1
 - update to 3.1
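Review bot: Switching `%autosetup` from `-p1` to `-p2` in `%prep` changes the strip level for every patch this spec will ever list, not only Patch1, and nothing in the spec says why. The backported patch uses paths rooted at `a/libsepol/...` while the build runs inside `%{name}-%{version}`, which is presumably the reason. A later patch generated against the unpacked tarball (`a/cil/src/...`) would then fail to apply or resolve to a different path. A comment above the line, for example `# patches are taken from the selinux monorepo root (a/libsepol/...), so strip two components`, would make the convention explicit for whoever adds the next backport.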