GNOME Bugzilla – Bug 759547
dashdemux: insufficient validation of UTCtiming element
Last modified: 2015-12-16 16:21:30 UTC
gst_mpdparser_parse_utctiming_node does not validate the parsed values completely. The following scenarios are incorrectly accepted: - elements with no schemeIdUri property should be rejected - elements with unrecognized UTCTiming scheme should be rejected - elements with empty values should be rejected The last one triggers a division by 0 in gst_dash_demux_poll_clock_drift: clock_drift->selected_url = clock_drift->selected_url % g_strv_length (urls); because it urls is a valid pointer to an empty array.
Created attachment 317499 [details] [review] proposed fix and unit tests
commit b2e689890f046d9679932347e08648b4bc2f3d93 Author: Florin Apostol <florin.apostol@oregan.net> Date: Wed Dec 16 13:59:18 2015 +0000 dashdemux: improve validation of UTCtiming element gst_mpdparser_parse_utctiming_node does not validate the parsed values completely. The following scenarios are incorrectly accepted: - elements with no schemeIdUri property should be rejected - elements with unrecognized UTCTiming scheme should be rejected - elements with empty values should be rejected The last one triggers a division by 0 in gst_dash_demux_poll_clock_drift: clock_drift->selected_url = clock_drift->selected_url % g_strv_length (urls); because it urls is a valid pointer to an empty array. https://bugzilla.gnome.org/show_bug.cgi?id=759547