From 0f9f179beccbaf3b8ea3355dfecdb91eca23389b Mon Sep 17 00:00:00 2001
From: Matthew Waters <matthew@centricular.com>
Date: Thu, 28 Apr 2022 15:32:27 +1000
Subject: [PATCH] subparse: don't deref a potentially NULL variable

If the html SAMI data is malformed, then retrieving the attribute name
may fail.  We then cannot retrieve the attribute value.

Fixes: https://oss-fuzz.com/testcase-detail/4700130671984640
Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2317>
---
 subprojects/gst-plugins-base/gst/subparse/samiparse.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/subprojects/gst-plugins-base/gst/subparse/samiparse.c b/subprojects/gst-plugins-base/gst/subparse/samiparse.c
index 9b6c655..93ea803 100644
--- a/subprojects/gst-plugins-base/gst/subparse/samiparse.c
+++ b/subprojects/gst-plugins-base/gst/subparse/samiparse.c
@@ -494,6 +494,10 @@ html_context_handle_element (HtmlContext * ctxt,
     gchar *attr_name = NULL, *attr_value = NULL;
     gsize length;
     next = string_token (next + 1, "=", &attr_name);
+    if (!next) {
+      g_free (attr_name);
+      break;
+    }
     next = string_token (next + 1, " ", &attr_value);
 
     /* strip " or ' from attribute value */
-- 
2.7.4