author | Edward Hervey <edward@centricular.com> | 2022-11-05 09:34:27 +0300 |
---|---|---|
committer | Tim-Philipp Müller <tim@centricular.com> | 2022-11-07 15:45:29 +0300 |
commit | 3cc45d5a368e3471ee27c6a895d79b7b164415e8 (patch) | |
tree | dda2343d8cb814f8c0bb60fc942bebcd03a7af4f | |
parent | b6309a569a628570aae774595f51a827657ed336 (diff) |
subparse: Fix non-closed tag handling.
Unclear what the goal was, but we could end up reading way past the next_tag.
Instead just move everything from after the end tag ('>') to the next_tag.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53040
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/3351>
-rw-r--r-- | subprojects/gst-plugins-base/gst/subparse/gstsubparse.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c index d1236249f5..8ce616ddf0 100644 --- a/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c +++ b/subprojects/gst-plugins-base/gst/subparse/gstsubparse.c @@ -785,9 +785,11 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr) last = g_ptr_array_index (open_tags, num_open_tags - 1); if (num_open_tags == 0 || g_ascii_strncasecmp (end_tag - 1, last, strlen (last))) { - GST_LOG ("broken input, closing tag '%s' is not open", end_tag - 1); - memmove (next_tag, end_tag + 1, strlen (end_tag) + 1); - next_tag -= strlen (end_tag); + GST_LOG ("broken input, closing tag '%s' is not open", next_tag); + /* Move everything after the tag end, including closing \0 */ + memmove (next_tag, end_tag + 1, strlen (end_tag)); + cur = next_tag; + continue; } else { --num_open_tags; g_ptr_array_remove_index (open_tags, num_open_tags); |
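Review bot: The new `memmove (next_tag, end_tag + 1, strlen (end_tag));` is only in bounds when `end_tag` lies after `next_tag`, so that the tail is shifted left, and nothing in the hunk establishes that ordering. The assignment of `end_tag` is outside the hunk (the body of subrip_fix_up_markup starts and ends beyond it). If the search for '>' can begin earlier than `next_tag`, the destination would sit after the source and the copy would write past the terminating NUL. It is worth confirming that the search starts at `next_tag`, and recording the invariant next to the copy, for example `/* end_tag > next_tag here, so this only shifts the tail left */`. The length itself looks right: `strlen (end_tag)` counts the '>' plus the remainder, which equals the remainder plus its NUL.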