From 6b19f117518a765a25c99d1c4b09f2838a8ed0c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
Date: Thu, 8 May 2025 09:04:52 +0300
Subject: [PATCH] tmplayer: Don't append NULL + 1 to the string buffer when parsing lines without text

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4417
Fixes CVE-2025-47808
Part-of:
CVE: CVE-2025-47808
Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6b19f117518a765a25c99d1c4b09f2838a8ed0c9]
Signed-off-by: Hitendra Prajapati
---
 gst/subparse/tmplayerparse.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gst/subparse/tmplayerparse.c b/gst/subparse/tmplayerparse.c
index 807e332..a9225d3 100644
--- a/gst/subparse/tmplayerparse.c
+++ b/gst/subparse/tmplayerparse.c
@@ -125,7 +125,9 @@ tmplayer_parse_line (ParserState * state, const gchar * line, guint line_num)
 * durations from the start times anyway, so as long as the parser just
 * forwards state->start_time by duration after it pushes the line we
 * are about to return it will all be good. */
- g_string_append (state->buf, text_start + 1);
+ if (text_start) {
+ g_string_append (state->buf, text_start + 1);
+ }
 } else if (line_num > 0) {
 GST_WARNING ("end of subtitle unit but no valid start time?!");
 }
-- 
2.50.1
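Review bot: The new `if (text_start)` guard in tmplayer_parse_line has no comment saying when `text_start` is NULL, so the reason for the check lives only in the commit subject. I would add above it `/* text_start is NULL when the line carries no text; NULL + 1 must never reach g_string_append() */`. The diffstat shows only tmplayerparse.c changed, so no regression input for a text-less line comes with the fix; a small parser test feeding such a line would keep the guard from being dropped later. The assignment of `text_start` and the rest of the function lie outside the hunk, so any other `text_start + 1` use there should be checked for the same guard.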