gstreamer1-plugins-base/SOURCES/0001-subparse-Look-for-the-closing-of-a-tag-after-the-ope.patch

37 lines
1.3 KiB
Diff
Raw Permalink Normal View History

From 5e8fa4cb835a938aba72f2b7ccd3e784e5886df8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Tue, 13 Jun 2023 12:53:13 +0300
Subject: [PATCH 1/2] subparse: Look for the closing `>` of a tag after the
opening `<`
Previously when fixing up subrip markip, we were looking from the start
of the remaining buffer instead. Due to how skipping over closing tags
works, the remaining buffer will still contain the closing `>` of the
previous tag so if a unexpected closing tag is found after another
closing tag, we would potentially do an out of bounds memmove().
Fixes ZDI-CAN-20968
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2662
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895>
---
gst/subparse/gstsubparse.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
index 425415874..e8d3ecaef 100644
--- a/gst/subparse/gstsubparse.c
+++ b/gst/subparse/gstsubparse.c
@@ -814,7 +814,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
}
if (*next_tag == '<' && *(next_tag + 1) == '/') {
- end_tag = strchr (cur, '>');
+ end_tag = strchr (next_tag, '>');
if (end_tag) {
const gchar *last = NULL;
if (num_open_tags > 0)
--
2.43.0