subparse: fix crash when parsing invalid timestamps in mpl2

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49245

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2989>

diff --git a/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c b/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c
index cce2c14..b176225 100644 (file)
--- a/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c
+++ b/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c
@@ -37,11 +37,12 @@ static gchar *
 mpl2_parse_line (ParserState * state, const gchar * line, guint line_num)
 {
   GString *markup;
+  const char *orig_line = line;
   gint dc_start, dc_stop;
 
   /* parse subtitle file line */
   if (sscanf (line, "[%u][%u]", &dc_start, &dc_stop) != 2) {
-    GST_WARNING ("failed to extract timestamps for line '%s'", line);
+    GST_WARNING ("failed to extract timestamps for line '%s'", orig_line);
     return NULL;
   }
 
@@ -50,8 +51,18 @@ mpl2_parse_line (ParserState * state, const gchar * line, guint line_num)
   state->duration = (GST_SECOND / 10 * dc_stop) - state->start_time;
 
   /* skip brackets with timestamps */
-  line = strchr (line, ']') + 1;
-  line = strchr (line, ']') + 1;
+  line = strchr (line, ']');
+  if (!line) {
+    GST_WARNING ("invalid, timestamp missing first \']\' for '%s'", orig_line);
+    return NULL;
+  }
+  line += 1;
+  line = strchr (line, ']');
+  if (!line) {
+    GST_WARNING ("invalid, timestamp missing second \']\' for '%s'", orig_line);
+    return NULL;
+  }
+  line += 1;
 
   markup = g_string_new (NULL);