samiparse: fix handling of self-closing tags

We would check the wrong string (rest of line rather than element) for the / suffix of self-closing tags, which is not only wrong but also has atrocious performance with certain strings like the garbled nonsense clusterfuzz feeds us, which might cause discoverer to time out when processing garbled SAMI files. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47461 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2706>
2025-02-02 20:42:30 +00:00 · 2022-06-30 00:13:19 +01:00 · 2022-06-30 00:13:19 +01:00 · 1eef7bbc22
commit 1eef7bbc22
parent 149c8609c6
2 changed files with 25 additions and 1 deletions
--- a/subprojects/gst-plugins-base/gst/subparse/samiparse.c
+++ b/subprojects/gst-plugins-base/gst/subparse/samiparse.c
@ -543,7 +543,7 @@ html_context_parse (HtmlContext * ctxt, gchar * text, gsize text_len)

      next = string_token (next, ">", &element);
      next++;
-      if (g_str_has_suffix (next, "/")) {
+      if (g_str_has_suffix (element, "/")) {
        /* handle <blah/> */
        element[strlen (element) - 1] = '\0';
        html_context_handle_element (ctxt, element + 1, TRUE);
--- a/subprojects/gst-plugins-base/tests/check/elements/subparse.c
+++ b/subprojects/gst-plugins-base/tests/check/elements/subparse.c
@ -1026,6 +1026,29 @@ GST_START_TEST (test_sami_comment)

 GST_END_TEST;

+GST_START_TEST (test_sami_self_contained_tags)
+{
+  SubParseInputChunk sami_input[] = {
+    {"<SAMI>\n"
+          "<BODY>\n"
+          "    <SYNC Start=1000>\n"
+          "        <P Class=CC>\n"
+          "            This line has a self-closing format tag<i /> and more.\n",
+          1000 * GST_MSECOND, 2000 * GST_MSECOND,
+        "This line has a self-closing format tag<i></i>and more."},
+    {"    <SYNC Start=2000>\n"
+          "        <P Class=CC>\n"
+          "            This is a third comment.<br>\n"
+          "            This is a fourth comment.\n" "</BODY>\n" "</SAMI>\n",
+          2000 * GST_MSECOND, GST_CLOCK_TIME_NONE,
+        "This is a third comment.\nThis is a fourth comment."}
+  };
+
+  do_test (sami_input, G_N_ELEMENTS (sami_input), "pango-markup");
+}
+
+GST_END_TEST;
+
 GST_START_TEST (test_lrc)
 {
  SubParseInputChunk lrc_input[] = {
@ -1106,6 +1129,7 @@ subparse_suite (void)
  tcase_add_test (tc_chain, test_sami_html_entities);
  tcase_add_test (tc_chain, test_sami_bad_entities);
  tcase_add_test (tc_chain, test_sami_comment);
+  tcase_add_test (tc_chain, test_sami_self_contained_tags);
  tcase_add_test (tc_chain, test_lrc);
  tcase_add_test (tc_chain, test_raw_conversion);
  return s;