[FFmpeg-devel] [PATCH 1/5] lavf: add cue sheet demuxer
Nicolas George
george at nsup.org
Tue Jul 5 09:24:02 EEST 2016
Le septidi 17 messidor, an CCXXIV, Rodger Combs a écrit :
> +- Cue sheet demuxer
This is interesting. Just a quick remark while I have time:
> + } else if (!strncmp(ptr, "FILE ", 5)) {
> + if (!cue->url || !*cue->url) {
> + char url[4096] = {0};
> + av_freep(&cue->url);
> + ff_make_absolute_url(url, sizeof(url), s->filename, get_token(ptr + 5));
> + if (!(cue->url = av_strdup(url)))
> + return AVERROR(ENOMEM);
> + }
> + if ((ret = avformat_open_input(&cue->avf, cue->url, NULL, NULL)) < 0 ||
> + (ret = avformat_find_stream_info(cue->avf, NULL)) < 0) {
> + av_log(s, AV_LOG_ERROR, "Failed to open '%s'\n", cue->url);
> + avformat_close_input(&cue->avf);
> + return ret;
> + }
That makes yet another format that can open arbitrary URLs depending on
external contents: security issue.
The check for safe/unsafe URLs needs to be factored.
Also, there is the matter of the io_open() callback to check, I do not
remember how it works.
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160705/d77ddd02/attachment.sig>
More information about the ffmpeg-devel
mailing list