37 lines
1.3 KiB
Diff
37 lines
1.3 KiB
Diff
|
From 5e8fa4cb835a938aba72f2b7ccd3e784e5886df8 Mon Sep 17 00:00:00 2001
|
||
|
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
|
||
|
Date: Tue, 13 Jun 2023 12:53:13 +0300
|
||
|
Subject: [PATCH 1/2] subparse: Look for the closing `>` of a tag after the
|
||
|
opening `<`
|
||
|
|
||
|
Previously when fixing up subrip markip, we were looking from the start
|
||
|
of the remaining buffer instead. Due to how skipping over closing tags
|
||
|
works, the remaining buffer will still contain the closing `>` of the
|
||
|
previous tag so if a unexpected closing tag is found after another
|
||
|
closing tag, we would potentially do an out of bounds memmove().
|
||
|
|
||
|
Fixes ZDI-CAN-20968
|
||
|
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2662
|
||
|
|
||
|
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895>
|
||
|
---
|
||
|
gst/subparse/gstsubparse.c | 2 +-
|
||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
|
||
|
index 425415874..e8d3ecaef 100644
|
||
|
--- a/gst/subparse/gstsubparse.c
|
||
|
+++ b/gst/subparse/gstsubparse.c
|
||
|
@@ -814,7 +814,7 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
|
||
|
}
|
||
|
|
||
|
if (*next_tag == '<' && *(next_tag + 1) == '/') {
|
||
|
- end_tag = strchr (cur, '>');
|
||
|
+ end_tag = strchr (next_tag, '>');
|
||
|
if (end_tag) {
|
||
|
const gchar *last = NULL;
|
||
|
if (num_open_tags > 0)
|
||
|
--
|
||
|
2.43.0
|
||
|
|