From: Matthew Waters <matthew@centricular.com>
Date: Wed, 7 Sep 2022 06:35:38 +0000 (+1000)
Subject: subparse: fix crash when parsing invalid timestamps in mpl2
X-Git-Tag: 1.22.0~990
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1e269a3c6d2be1dcb48ff049319c200ba822cc4f;p=platform%2Fupstream%2Fgstreamer.git

subparse: fix crash when parsing invalid timestamps in mpl2

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49245

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2989>
---

diff --git a/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c b/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c
index cce2c14..b176225 100644
--- a/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c
+++ b/subprojects/gst-plugins-base/gst/subparse/mpl2parse.c
@@ -37,11 +37,12 @@ static gchar *
 mpl2_parse_line (ParserState * state, const gchar * line, guint line_num)
 {
   GString *markup;
+  const char *orig_line = line;
   gint dc_start, dc_stop;
 
   /* parse subtitle file line */
   if (sscanf (line, "[%u][%u]", &dc_start, &dc_stop) != 2) {
-    GST_WARNING ("failed to extract timestamps for line '%s'", line);
+    GST_WARNING ("failed to extract timestamps for line '%s'", orig_line);
     return NULL;
   }
 
@@ -50,8 +51,18 @@ mpl2_parse_line (ParserState * state, const gchar * line, guint line_num)
   state->duration = (GST_SECOND / 10 * dc_stop) - state->start_time;
 
   /* skip brackets with timestamps */
-  line = strchr (line, ']') + 1;
-  line = strchr (line, ']') + 1;
+  line = strchr (line, ']');
+  if (!line) {
+    GST_WARNING ("invalid, timestamp missing first \']\' for '%s'", orig_line);
+    return NULL;
+  }
+  line += 1;
+  line = strchr (line, ']');
+  if (!line) {
+    GST_WARNING ("invalid, timestamp missing second \']\' for '%s'", orig_line);
+    return NULL;
+  }
+  line += 1;
 
   markup = g_string_new (NULL);