After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 752429 - dashdemux: negative numbers are successfully read into unsigned variables
dashdemux: negative numbers are successfully read into unsigned variables
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
git master
Other Linux
: Normal normal
: 1.7.1
Assigned To: GStreamer Maintainers
GStreamer Maintainers
Depends on:
Blocks:
 
 
Reported: 2015-07-15 16:25 UTC by Florin Apostol
Modified: 2015-10-29 10:57 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
proposed fix and unit tests (12.08 KB, patch)
2015-07-15 16:27 UTC, Florin Apostol 		none Details | Review
proposed fix and unit tests (10.45 KB, patch)
2015-10-28 16:25 UTC, Vincent Penquerc'h 		committed Details | Review

Description Florin Apostol 2015-07-15 16:25:52 UTC 
If the xml contains a negative number into an attribute that is supposed to be unsigned (eg durations, dates, ranges), the parser will successfully read it and store the negative value as unsigned. I think it should reject the value and consider the parsing of that attribute a failure.
Comment 1 Florin Apostol 2015-07-15 16:27:28 UTC 
Created attachment 307487 [details] [review]
proposed fix and unit tests

attached a proposed fix and unit test reproducing the problem
Comment 2 Vincent Penquerc'h 2015-09-16 16:39:43 UTC 
Review of attachment 307487 [details] [review]:

::: ext/dash/gstmpdparser.c
@@ +261,3 @@
   if (prop_string) {
+    if (sscanf ((gchar *) prop_string, "%u", property_value) &&
+        strstr ((gchar *) prop_string, "-") == NULL) {

minor, but could use strchr since it's a single char

@@ +727,1 @@
       goto error;

Why not valid range ? Same for hours etc below. Assuming no leap seconds.
Comment 3 Florin Apostol 2015-09-16 16:51:23 UTC 
(In reply to Vincent Penquerc'h from comment #2)
> Review of attachment 307487 [details] [review] [review]:
> 
> ::: ext/dash/gstmpdparser.c
> @@ +261,3 @@
>    if (prop_string) {
> +    if (sscanf ((gchar *) prop_string, "%u", property_value) &&
> +        strstr ((gchar *) prop_string, "-") == NULL) {
> 
> minor, but could use strchr since it's a single char
No, because the possibility of spaces at the beginning of the string.

> 
> @@ +727,1 @@
>        goto error;
> 
> Why not valid range ? Same for hours etc below. Assuming no leap seconds.

Because 0 is not a valid value for year, month or day, but it is a valid value for hour, minute or second.
http://books.xmlschemata.org/relaxng/ch19-77049.html
Comment 4 Vincent Penquerc'h 2015-10-28 16:25:56 UTC 
Created attachment 314335 [details] [review]
proposed fix and unit tests

I merged this to latest master, if you want to double check. Some of the hunks were already applied. If no comment, I'll push this later.
Comment 5 Vincent Penquerc'h 2015-10-29 10:57:27 UTC 
commit 7c2746f741ae25dc3086677306dd9d87012e0a57
Author: Florin Apostol <florin.apostol@oregan.net>
Date:   Wed Oct 28 16:24:01 2015 +0000

    dashdemux: corrected parsing of negative values into unsigned data
    
    https://bugzilla.gnome.org/show_bug.cgi?id=752429