main/gst-plugins-base1/CVE-2017-5842.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

From d894c19db62ce87115317616f0a5d4482d6332c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
Date: Fri, 20 Jan 2017 08:02:38 +0200
Subject: [PATCH] samiparse: Check that the string has a non-zero length before
 overwriting the last byte with '\0'

https://bugzilla.gnome.org/show_bug.cgi?id=777502
---
 gst/subparse/samiparse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gst/subparse/samiparse.c b/gst/subparse/samiparse.c
index 517e959..377c6d7 100644
--- a/gst/subparse/samiparse.c
+++ b/gst/subparse/samiparse.c
@@ -504,7 +504,8 @@ html_context_handle_element (HtmlContext * ctxt,
     }
 
     length = strlen (attr_value);
-    if (attr_value[length - 1] == '"' || attr_value[length - 1] == '\'') {
+    if (length > 0 && (attr_value[length - 1] == '"'
+            || attr_value[length - 1] == '\'')) {
       attr_value[length - 1] = '\0';
     }