subparse: Make sure that subrip time string is not too long before zero-padding
Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4419 Fixes CVE-2025-47806 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132>
This commit is contained in:
parent
9e2238adc1
commit
edca7f83d1
@ -858,7 +858,7 @@ parse_subrip_time (const gchar * ts_string, GstClockTime * t)
|
||||
g_strdelimit (s, " ", '0');
|
||||
g_strdelimit (s, ".", ',');
|
||||
|
||||
/* make sure we have exactly three digits after he comma */
|
||||
/* make sure we have exactly three digits after the comma */
|
||||
p = strchr (s, ',');
|
||||
if (p == NULL) {
|
||||
/* If there isn't a ',' the timestamp is broken */
|
||||
@ -867,6 +867,15 @@ parse_subrip_time (const gchar * ts_string, GstClockTime * t)
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Check if the comma is too far into the string to avoid
|
||||
* stack overflow when zero-padding the sub-second part.
|
||||
*
|
||||
* Allow for 3 digits of hours just in case. */
|
||||
if ((p - s) > sizeof ("hhh:mm:ss,")) {
|
||||
GST_WARNING ("failed to parse subrip timestamp string '%s'", s);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
++p;
|
||||
len = strlen (p);
|
||||
if (len > 3) {
|
||||
|
Loading…
x
Reference in New Issue
Block a user