[CVE-2017-5838]datetime: out of bounds read in gst_date_time_new_from_iso8601_string()

author Eunhae Choi <eunhae1.choi@samsung.com>

Thu, 2 Nov 2017 11:51:21 +0000 (20:51 +0900)

committer Gilbok Lee <gilbok.lee@samsung.com>

Mon, 6 Nov 2017 02:21:23 +0000 (11:21 +0900)
author Eunhae Choi <eunhae1.choi@samsung.com>
Thu, 2 Nov 2017 11:51:21 +0000 (20:51 +0900)
committer Gilbok Lee <gilbok.lee@samsung.com>
Mon, 6 Nov 2017 02:21:23 +0000 (11:21 +0900)
diff --git a/gst/gstdatetime.c b/gst/gstdatetime.c

index 6e7ea27b356638af35c03c8ff84fe4793ddfed5b..a020f6780130b22f64fb20d6aed0b3d73b2d3961 100644 (file)
--- a/gst/gstdatetime.c
+++ b/gst/gstdatetime.c
@@ -865,7 +865,7 @@ gst_date_time_new_from_iso8601_string (const gchar * string)
      else if (neg_pos)
        pos = neg_pos + 1;
  
-    if (pos) {
+    if (pos && strlen (pos) >= 3) {
        gint ret_tz;
        if (pos[2] == ':')
          ret_tz = sscanf (pos, "%d:%d", &gmt_offset_hour, &gmt_offset_min);
diff --git a/tests/check/gst/gstdatetime.c b/tests/check/gst/gstdatetime.c

index ae15dc55bcc81aa1aa35be3f701af0c1a4830073..7bbc5bd41d3974b185c921010f93b428103ca18b 100644 (file)
--- a/tests/check/gst/gstdatetime.c
+++ b/tests/check/gst/gstdatetime.c
@@ -701,6 +701,14 @@ GST_START_TEST (test_GstDateTime_iso8601)
    fail_unless (!gst_date_time_has_second (dt));
    gst_date_time_unref (dt);
  
+  /* some bogus ones, make copy to detect out of bound read in valgrind/asan */
+  {
+    gchar *s = g_strdup ("0002000000T00000:00+0");
+    dt = gst_date_time_new_from_iso8601_string (s);
+    gst_date_time_unref (dt);
+    g_free (s);
+  }
+
    g_date_time_unref (gdt2);
  }
author	Eunhae Choi <eunhae1.choi@samsung.com>
	Thu, 2 Nov 2017 11:51:21 +0000 (20:51 +0900)
committer	Gilbok Lee <gilbok.lee@samsung.com>
	Mon, 6 Nov 2017 02:21:23 +0000 (11:21 +0900)
gst/gstdatetime.c		patch \| blob \| history
tests/check/gst/gstdatetime.c		patch \| blob \| history