[Bug 796043] subparse: out-of-bounds array access when fixing SubRip markup

GStreamer (GNOME Bugzilla) bugzilla at gnome.org
Sat May 12 14:16:40 UTC 2018


https://bugzilla.gnome.org/show_bug.cgi?id=796043

Thibault Saunier <tsaunier at gnome.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #371957|none                        |needs-work
             status|                            |

--- Comment #2 from Thibault Saunier <tsaunier at gnome.org> ---
Review of attachment 371957:
 --> (https://bugzilla.gnome.org/review?bug=796043&attachment=371957)

::: gst/subparse/gstsubparse.c
@@ +759,3 @@
 {
   gchar *cur, *next_tag;
+  GSList *open_tags = NULL;
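
Review bot: the `open_tags` list declared at the top of the function is made of heap-allocated nodes, and nothing in the visible lines releases it. Make sure every return path calls g_slist_free (or g_slist_free_full if the entries are owned copies of the tag names), otherwise the nodes leak on each call.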

GSList sounds a bit suboptimal here, you kind of know that there shouldn't be
so many elements (the 32 limit seems to have passed unnoticed for a long time
:-)), so avoiding allocating all the time might be better. In practice it might
not matter much at all :-) (If it does, a GPtrArray could be better).

@@ +819,3 @@
         if (num_open_tags == 0
+            || !g_slist_find_custom (open_tags, tag_name,
+                (GCompareFunc) g_strcmp0)) {
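
Review bot: in the condition at +819, `num_open_tags == 0` duplicates what the lookup already covers, since g_slist_find_custom returns NULL for an empty list. Keeping both a counter and a list means the two have to be updated together everywhere; consider dropping the counter and relying on `open_tags` alone. Separately, `(GCompareFunc) g_strcmp0` calls the function through a pointer type that differs from its declaration; a small wrapper with the GCompareFunc signature avoids the cast.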

Looks like you are not ignoring the case anymore?

@@ -823,3 +824,3 @@
           next_tag -= strlen (end_tag);
         } else {
-          --num_open_tags;
+          GSList *first = g_slist_nth (open_tags, 0);
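
Review bot: the lookup at +819 accepts a match anywhere in `open_tags`, while this else branch takes element 0, so when a closing tag matches an outer tag rather than the innermost one, `first` is not the entry that was found. Keep the node returned by g_slist_find_custom and act on that one. Also check that `num_open_tags`, which the +819 condition still reads, is decremented somewhere now that `--num_open_tags;` is removed here.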

Well, that is open_tags itself :-)

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
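
One way to track open tags in a fixed-size array with a bounds check and case-insensitive matching, touching the points raised in the review above; this is an added example, not GStreamer's code or the attached patch. `TagStack`, `scan_markup`, the cap of 32 and the one-letter tag names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_OPEN_TAGS 32  /* assumed cap, echoing the "32 limit" in the review */

typedef struct {
  char tags[MAX_OPEN_TAGS];  /* one-letter tag names such as i, b, u (assumption) */
  size_t depth;
} TagStack;

/* Push an opening tag; refuse instead of writing past the array. */
static int tag_push(TagStack *s, char name) {
  if (s->depth >= MAX_OPEN_TAGS) return 0;
  s->tags[s->depth++] = (char) tolower((unsigned char) name);
  return 1;
}

/* Pop only if the closing tag matches the innermost open tag, ignoring case. */
static int tag_pop(TagStack *s, char name) {
  if (s->depth == 0) return 0;
  if (s->tags[s->depth - 1] != (char) tolower((unsigned char) name)) return 0;
  s->depth--;
  return 1;
}

/* Returns tags to drop (opens past the cap, unmatched closes); *left_open = depth left. */
static size_t scan_markup(const char *txt, size_t *left_open) {
  TagStack s = { {0}, 0 };
  size_t dropped = 0;
  for (const char *p = txt; (p = strchr(p, '<')) != NULL; ) {
    if (p[1] == '/' && isalpha((unsigned char) p[2]) && p[3] == '>') {
      dropped += !tag_pop(&s, p[2]);   /* closing tag with nothing to close */
      p += 4;
    } else if (isalpha((unsigned char) p[1]) && p[2] == '>') {
      dropped += !tag_push(&s, p[1]);  /* opening tag beyond the cap */
      p += 3;
    } else {
      p++;                             /* a bare '<' that is not a tag */
    }
  }
  *left_open = s.depth;
  return dropped;
}

int main(void) {
  size_t left, dropped = scan_markup("<i>Hi</I> </b>", &left);  /* constructed input */
  printf("dropped=%zu left_open=%zu\n", dropped, left);
  return 0;
}
```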