typefindfunctions: Add missing length check to XML typefinder

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54811

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/3690>

diff --git a/subprojects/gst-plugins-base/gst/typefind/gsttypefindfunctions.c b/subprojects/gst-plugins-base/gst/typefind/gsttypefindfunctions.c
index 121a9a5..c732f31 100644 (file)
--- a/subprojects/gst-plugins-base/gst/typefind/gsttypefindfunctions.c
+++ b/subprojects/gst-plugins-base/gst/typefind/gsttypefindfunctions.c
@@ -570,6 +570,9 @@ xml_check_first_element_from_data (const guint8 * data, guint length,
     length -= (ptr - data);
     data = ptr;
 
+    if (length < 2)
+      return FALSE;
+
     got_xmldec = (memcmp (data, "?>", 2) == 0);
     if (!got_xmldec)
       return FALSE;