[FFmpeg-cvslog] mov: Double-check that alias path is not an absolute path
Vittorio Giovara
git at videolan.org
Mon Apr 20 11:11:37 CEST 2015
ffmpeg | branch: master | Vittorio Giovara <vittorio.giovara at gmail.com> | Tue Apr 7 15:06:05 2015 +0200| [9286de045968ad456d4e752651eec22de5e89060] | committer: Vittorio Giovara
mov: Double-check that alias path is not an absolute path
nlvl_to and nlvl_from can be set to 1 if both alias and target files
are in the same directory, so actually check the first character of the
string. We can do this because MacOS filepaths (alis type 2) are always
converted to UNIX filepaths (alis type 18).
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9286de045968ad456d4e752651eec22de5e89060
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 2704dfb..70fa1e0 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2301,7 +2301,7 @@ static int mov_open_dref(AVIOContext **pb, char *src, MOVDref *ref,
{
/* try relative path, we do not try the absolute because it can leak information about our
system to an attacker */
- if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
+ if (ref->nlvl_to > 0 && ref->nlvl_from > 0 && ref->path[0] != '/') {
char filename[1024];
char *src_path;
int i, l;
More information about the ffmpeg-cvslog
mailing list