mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-11-29 21:21:12 +00:00
subparse: fix crash when parsing invalid timestamps in mpl2
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49245 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2989>
This commit is contained in:
parent
1c69fe3fc8
commit
1e269a3c6d
1 changed files with 14 additions and 3 deletions
|
@ -37,11 +37,12 @@ static gchar *
|
||||||
mpl2_parse_line (ParserState * state, const gchar * line, guint line_num)
|
mpl2_parse_line (ParserState * state, const gchar * line, guint line_num)
|
||||||
{
|
{
|
||||||
GString *markup;
|
GString *markup;
|
||||||
|
const char *orig_line = line;
|
||||||
gint dc_start, dc_stop;
|
gint dc_start, dc_stop;
|
||||||
|
|
||||||
/* parse subtitle file line */
|
/* parse subtitle file line */
|
||||||
if (sscanf (line, "[%u][%u]", &dc_start, &dc_stop) != 2) {
|
if (sscanf (line, "[%u][%u]", &dc_start, &dc_stop) != 2) {
|
||||||
GST_WARNING ("failed to extract timestamps for line '%s'", line);
|
GST_WARNING ("failed to extract timestamps for line '%s'", orig_line);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -50,8 +51,18 @@ mpl2_parse_line (ParserState * state, const gchar * line, guint line_num)
|
||||||
state->duration = (GST_SECOND / 10 * dc_stop) - state->start_time;
|
state->duration = (GST_SECOND / 10 * dc_stop) - state->start_time;
|
||||||
|
|
||||||
/* skip brackets with timestamps */
|
/* skip brackets with timestamps */
|
||||||
line = strchr (line, ']') + 1;
|
line = strchr (line, ']');
|
||||||
line = strchr (line, ']') + 1;
|
if (!line) {
|
||||||
|
GST_WARNING ("invalid, timestamp missing first \']\' for '%s'", orig_line);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
line += 1;
|
||||||
|
line = strchr (line, ']');
|
||||||
|
if (!line) {
|
||||||
|
GST_WARNING ("invalid, timestamp missing second \']\' for '%s'", orig_line);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
line += 1;
|
||||||
|
|
||||||
markup = g_string_new (NULL);
|
markup = g_string_new (NULL);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue