datetime: fix potential out-of-bound read on malformed datetime string

author Tim-Philipp Müller <tim@centricular.com>

Sun, 15 Jan 2017 11:52:44 +0000 (11:52 +0000)

committer Tim-Philipp Müller <tim@centricular.com>

Sun, 15 Jan 2017 11:53:41 +0000 (11:53 +0000)
author Tim-Philipp Müller <tim@centricular.com>
Sun, 15 Jan 2017 11:52:44 +0000 (11:52 +0000)
committer Tim-Philipp Müller <tim@centricular.com>
Sun, 15 Jan 2017 11:53:41 +0000 (11:53 +0000)
diff --git a/gst/gstdatetime.c b/gst/gstdatetime.c

index 2d99594..67cdd6c 100644 (file)
--- a/gst/gstdatetime.c
+++ b/gst/gstdatetime.c
@@ -865,7 +865,7 @@ gst_date_time_new_from_iso8601_string (const gchar * string)
      else if (neg_pos)
        pos = neg_pos + 1;
  
-    if (pos) {
+    if (pos && strlen (pos) >= 3) {
        gint ret_tz;
        if (pos[2] == ':')
          ret_tz = sscanf (pos, "%d:%d", &gmt_offset_hour, &gmt_offset_min);
diff --git a/tests/check/gst/gstdatetime.c b/tests/check/gst/gstdatetime.c

index ae15dc5..7bbc5bd 100644 (file)
--- a/tests/check/gst/gstdatetime.c
+++ b/tests/check/gst/gstdatetime.c
@@ -701,6 +701,14 @@ GST_START_TEST (test_GstDateTime_iso8601)
    fail_unless (!gst_date_time_has_second (dt));
    gst_date_time_unref (dt);
  
+  /* some bogus ones, make copy to detect out of bound read in valgrind/asan */
+  {
+    gchar *s = g_strdup ("0002000000T00000:00+0");
+    dt = gst_date_time_new_from_iso8601_string (s);
+    gst_date_time_unref (dt);
+    g_free (s);
+  }
+
    g_date_time_unref (gdt2);
  }
author	Tim-Philipp Müller <tim@centricular.com>
	Sun, 15 Jan 2017 11:52:44 +0000 (11:52 +0000)
committer	Tim-Philipp Müller <tim@centricular.com>
	Sun, 15 Jan 2017 11:53:41 +0000 (11:53 +0000)
gst/gstdatetime.c		patch \| blob \| history
tests/check/gst/gstdatetime.c		patch \| blob \| history