gstreamer1-plugins-base/CVE-2023-37328.patch
technology208 8f6cb204fa subparse end_tag and CVE-2023-37328:skip over the end of a valid closing tag instead of only skipping <
(cherry picked from commit 9cb1cb4b4ddb4482ef980315d80be3cdbd704a74)
2024-05-21 10:07:31 +08:00


From 803fec1d19a401af00153e0b5791bf9a14e11ca4 Mon Sep 17 00:00:00 2001
From: technology208 <technology@208suo.com>
Date: Thu, 11 Apr 2024 15:33:46 +0800
Subject: [PATCH] CreatePatch
---
gst/subparse/gstsubparse.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c
index 382e430..423112a 100644
--- a/gst/subparse/gstsubparse.c
+++ b/gst/subparse/gstsubparse.c
@@ -815,19 +815,22 @@ subrip_fix_up_markup (gchar ** p_txt, gconstpointer allowed_tags_ptr)
}
if (*next_tag == '<' && *(next_tag + 1) == '/') {
- end_tag = strchr (cur, '>');
+ end_tag = strchr (next_tag, '>');
if (end_tag) {
const gchar *last = NULL;
if (num_open_tags > 0)
last = g_ptr_array_index (open_tags, num_open_tags - 1);
if (num_open_tags == 0
|| g_ascii_strncasecmp (end_tag - 1, last, strlen (last))) {
- GST_LOG ("broken input, closing tag '%s' is not open", end_tag - 1);
- memmove (next_tag, end_tag + 1, strlen (end_tag) + 1);
- next_tag -= strlen (end_tag);
+ GST_LOG ("broken input, closing tag '%s' is not open", next_tag);
+ memmove (next_tag, end_tag + 1, strlen (end_tag));
+ cur = next_tag;
+ continue;
} else {
--num_open_tags;
g_ptr_array_remove_index (open_tags, num_open_tags);
+ cur = end_tag + 1;
+ continue;
}
}
}
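Review bot: The length in the new `memmove (next_tag, end_tag + 1, strlen (end_tag));` is correct only because `strlen (end_tag)` counts the '>' itself, so it equals the tail after the tag plus the terminating NUL, and nothing in the hunk says so. The removed line used `strlen (end_tag) + 1`, which reads one byte past the terminator, and an uncommented length invites someone to "restore" the `+ 1` later; I would add `/* move everything after the tag end, including the closing \0 */` directly above the call. The `end_tag - 1` passed to `g_ascii_strncasecmp` is likewise in bounds only because `end_tag` is now searched from `next_tag` and therefore sits at least two bytes past the '<', which is worth a one-line comment at the `strchr` call. The diffstat lists only gstsubparse.c, so this backport adds no regression test for an unmatched closing tag. The loop these `continue` statements return to, and the path taken when `strchr` returns NULL, lie outside the hunk.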
--
2.43.0