From 5cf630697c55c49c60862494712c9f32f55fcf0f Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Thu, 20 Nov 2014 13:34:32 +0100
Subject: [PATCH] structure: don't overread input when searching for "

When searching for the string terminator don't read past the ending
0-byte when escaping characters.
Add unit test for various escaping cases.
---
 gst/gststructure.c             | 10 ++++++++--
 tests/check/gst/gststructure.c | 14 ++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/gst/gststructure.c b/gst/gststructure.c
index 3aac676..ad42d3a 100644
--- a/gst/gststructure.c
+++ b/gst/gststructure.c
@@ -1922,8 +1922,11 @@ gst_structure_parse_string (gchar * s, gchar ** end, gchar ** next,
     while (*s != '"') {
       if (G_UNLIKELY (*s == 0))
         return FALSE;
-      if (G_UNLIKELY (*s == '\\'))
+      if (G_UNLIKELY (*s == '\\')) {
         s++;
+        if (G_UNLIKELY (*s == 0))
+          return FALSE;
+      }
       *w = *s;
       w++;
       s++;
@@ -1935,8 +1938,11 @@ gst_structure_parse_string (gchar * s, gchar ** end, gchar ** next,
     while (*s != '"') {
       if (G_UNLIKELY (*s == 0))
         return FALSE;
-      if (G_UNLIKELY (*s == '\\'))
+      if (G_UNLIKELY (*s == '\\')) {
         s++;
+        if (G_UNLIKELY (*s == 0))
+          return FALSE;
+      }
       s++;
     }
     s++;
diff --git a/tests/check/gst/gststructure.c b/tests/check/gst/gststructure.c
index 1dd7cd6..60e532c 100644
--- a/tests/check/gst/gststructure.c
+++ b/tests/check/gst/gststructure.c
@@ -174,6 +174,20 @@ GST_START_TEST (test_from_string)
   ASSERT_WARNING (structure = gst_structure_from_string (s, NULL));
   fail_if (structure == NULL, "Could not get structure from string %s", s);
   gst_structure_free (structure);
+
+  /* make sure we handle \ as last character in various things, run with valgrind */
+  s = "foo,test=\"foobar\\";
+  structure = gst_structure_from_string (s, NULL);
+  fail_unless (structure == NULL);
+  s = "\\";
+  structure = gst_structure_from_string (s, NULL);
+  fail_unless (structure == NULL);
+  s = "foobar,test\\";
+  structure = gst_structure_from_string (s, NULL);
+  fail_unless (structure == NULL);
+  s = "foobar,test=(string)foo\\";
+  structure = gst_structure_from_string (s, NULL);
+  fail_unless (structure == NULL);
 }
 
 GST_END_TEST;
-- 
2.7.4