From: Sebastian Dröge Date: Fri, 6 Jan 2023 16:09:02 +0000 (+0200) Subject: typefindfunctions: Add missing length check to XML typefinder X-Git-Tag: 1.22.0~81 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fa2b98f9579c5b9069753ae390a05d16fb5526f9;p=platform%2Fupstream%2Fgstreamer.git typefindfunctions: Add missing length check to XML typefinder Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54811 Part-of:
---
diff --git a/subprojects/gst-plugins-base/gst/typefind/gsttypefindfunctions.c b/subprojects/gst-plugins-base/gst/typefind/gsttypefindfunctions.c
index 121a9a5..c732f31 100644
--- a/subprojects/gst-plugins-base/gst/typefind/gsttypefindfunctions.c
+++ b/subprojects/gst-plugins-base/gst/typefind/gsttypefindfunctions.c
@@ -570,6 +570,9 @@ xml_check_first_element_from_data (const guint8 * data, guint length,
 length -= (ptr - data);
 data = ptr;
+ if (length < 2)
+ return FALSE;
+
 got_xmldec = (memcmp (data, "?>", 2) == 0);
 if (!got_xmldec)
 return FALSE;
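Review bot: The new `if (length < 2)` guard carries no comment tying it to the two-byte `memcmp (data, "?>", 2)` directly below, so a later change to the compared literal could quietly reintroduce the over-read; a line such as `/* need 2 bytes for the "?>" compare below */` would make the dependency explicit. The guard is only sound if `length -= (ptr - data)` cannot wrap: `length` is a `guint`, and how `ptr` is derived lies outside the hunk, so it is worth confirming above that `ptr` always stays within `data + length`. Because this came from an OSS-Fuzz report, a typefind unit test that feeds an input with fewer than two bytes left at this position would keep it from regressing; no test change is visible on this page. The body of `xml_check_first_element_from_data` starts and ends outside the hunk.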