mirrors/gstreamer
mirrors/gstreamer
1
1
Fork 0
mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-06-16 21:10:37 +00:00
Code Issues 1 Projects Releases Wiki Activity

subparse: Fix non-closed tag handling.

Browse source 
Unclear what the goal was, but we could end up reading way past the next_tag.

Instead just move everything from after the end tag ('>') to the next_tag.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53040

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/3340>
This commit is contained in:
Edward Hervey 2022-11-05 07:34:27 +01:00 committed by GStreamer Marge Bot
parent e283c99358
commit 24a0e5bdfd
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
subprojects/gst-plugins-base/gst/subparse/gstsubparse.c
View file

@ -785,9 +785,11 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
last = g_ptr_array_index (open_tags, num_open_tags - 1);
if (num_open_tags == 0
|| g_ascii_strncasecmp (end_tag - 1, last, strlen (last))) {
GST_LOG ("broken input, closing tag '%s' is not open", end_tag - 1);
memmove (next_tag, end_tag + 1, strlen (end_tag) + 1);
next_tag -= strlen (end_tag);
GST_LOG ("broken input, closing tag '%s' is not open", next_tag);
/* Move everything after the tag end, including closing \0 */
memmove (next_tag, end_tag + 1, strlen (end_tag));
cur = next_tag;
continue;
} else {
--num_open_tags;
g_ptr_array_remove_index (open_tags, num_open_tags);