subparse: don't deref a potentially NULL variable
author Matthew Waters <matthew@centricular.com>
Thu, 28 Apr 2022 05:32:27 +0000 (15:32 +1000)
committer Matthew Waters <matthew@centricular.com>
Thu, 28 Apr 2022 05:35:12 +0000 (15:35 +1000)
If the html SAMI data is malformed, then retrieving the attribute name
may fail.  We then cannot retrieve the attribute value.

Fixes: https://oss-fuzz.com/testcase-detail/4700130671984640
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2317>

subprojects/gst-plugins-base/gst/subparse/samiparse.c

index 9b6c655..93ea803 100644 (file)
@@ -494,6 +494,10 @@ html_context_handle_element (HtmlContext * ctxt,
     gchar *attr_name = NULL, *attr_value = NULL;
     gsize length;
     next = string_token (next + 1, "=", &attr_name);
+    if (!next) {
+      g_free (attr_name);
+      break;
+    }
     next = string_token (next + 1, " ", &attr_value);
 
     /* strip " or ' from attribute value */
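Review bot: the second call, `next = string_token (next + 1, " ", &attr_value);`, sits right after the new guard but gets no equivalent check in the lines shown, and the block that follows strips quotes from attr_value. If malformed SAMI input can make the "=" lookup fail, it can presumably also leave the value without a trailing space, so please confirm that attr_value is always non-NULL when the stripping code runs and that a NULL `next` from this second call is handled before the next `next + 1`, or add a matching guard. A one-line comment on the new branch would also help: `g_free (attr_name)` on the failure path implies string_token can set attr_name while returning NULL, which is not obvious from the call site. Since the branch leaves via `break`, it is worth checking that nothing else allocated earlier in this iteration is skipped by the early exit.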