typefind/xdgmime: Validate mimetypes to be valid GstStructure names before using them

On macOS, for example, "text/*" can be returned as mimetype for
plaintext files but we don't allow '*' in structure names and this would
cause critical warnings.

It's a valid mimetype but not a valid structure name.

Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/616

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/merge_requests/879>

1 files changed, 26 insertions, 0 deletions

diff --git a/gst/typefind/gsttypefindfunctions.c b/gst/typefind/gsttypefindfunctions.c
index baef18e05..eec103429 100644
--- a/gst/typefind/gsttypefindfunctions.c
+++ b/gst/typefind/gsttypefindfunctions.c
@@ -5327,6 +5327,26 @@ vivo_type_find (GstTypeFind * tf, gpointer unused)
 /*** XDG MIME typefinder (to avoid false positives mostly) ***/
 
 #ifdef USE_GIO
+static gboolean
+xdgmime_validate_name (const gchar * name)
+{
+  const gchar *s;
+
+  if (G_UNLIKELY (!g_ascii_isalpha (*name))) {
+    return FALSE;
+  }
+
+  /* FIXME: test name string more */
+  s = &name[1];
+  while (*s && (g_ascii_isalnum (*s) || strchr ("/-_.:+", *s) != NULL))
+    s++;
+  if (G_UNLIKELY (*s != '\0')) {
+    return FALSE;
+  }
+
+  return TRUE;
+}
+
 static void
 xdgmime_typefind (GstTypeFind * find, gpointer user_data)
 {
@@ -5371,6 +5391,12 @@ xdgmime_typefind (GstTypeFind * find, gpointer user_data)
     return;
   }
 
+  if (!xdgmime_validate_name (mimetype)) {
+    GST_LOG ("Ignoring mimetype with invalid structure name");
+    g_free (mimetype);
+    return;
+  }
+
   /* Again, we mainly want the xdg typefinding to prevent false-positives on
    * non-media formats, so suggest the type with a probability that trumps
    * uncertain results of our typefinders, but not more than that. */