From 2a4f96861e9115145106ce60837d72a7662eecf1 Mon Sep 17 00:00:00 2001 From: Matthew Waters Date: Wed, 7 Sep 2022 16:35:38 +1000 Subject: [PATCH] subparse: fix crash when parsing invalid timestamps in mpl2 Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49245 Part-of: --- .../gst-plugins-base/gst/subparse/mpl2parse.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c b/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c index cce2c142e7..b176225223 100644 --- a/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c +++ b/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c @@ -37,11 +37,12 @@ static gchar * mpl2_parse_line (ParserState * state, const gchar * line, guint line_num) { GString *markup; + const char *orig_line = line; gint dc_start, dc_stop; /* parse subtitle file line */ if (sscanf (line, "[%u][%u]", &dc_start, &dc_stop) != 2) { - GST_WARNING ("failed to extract timestamps for line '%s'", line); + GST_WARNING ("failed to extract timestamps for line '%s'", orig_line); return NULL; } @@ -50,8 +51,18 @@ mpl2_parse_line (ParserState * state, const gchar * line, guint line_num) state->duration = (GST_SECOND / 10 * dc_stop) - state->start_time; /* skip brackets with timestamps */ - line = strchr (line, ']') + 1; - line = strchr (line, ']') + 1; + line = strchr (line, ']'); + if (!line) { + GST_WARNING ("invalid, timestamp missing first \']\' for '%s'", orig_line); + return NULL; + } + line += 1; + line = strchr (line, ']'); + if (!line) { + GST_WARNING ("invalid, timestamp missing second \']\' for '%s'", orig_line); + return NULL; + } + line += 1; markup = g_string_new (NULL);