[FFmpeg-devel] [PATCH 3/3] avformat: add youtube-dl based demuxer

wm4 nfxjfg at googlemail.com
Wed Apr 8 19:30:12 CEST 2015


On Wed, 8 Apr 2015 19:27:55 +0200
Gilles Chanteperdrix <gilles.chanteperdrix at xenomai.org> wrote:

> On Wed, Apr 08, 2015 at 07:24:27PM +0200, wm4 wrote:
> > On Wed,  8 Apr 2015 19:16:38 +0200
> > Gilles Chanteperdrix <gilles.chanteperdrix at xenomai.org> wrote:
> > 
> > > Signed-off-by: Gilles Chanteperdrix <gilles.chanteperdrix at xenomai.org>
> > > ---
> > >  libavformat/Makefile     |   1 +
> > >  libavformat/allformats.c |   1 +
> > >  libavformat/youtubedl.c  | 221 +++++++++++++++++++++++++++++++++++++++++++++++
> > >  3 files changed, 223 insertions(+)
> > >  create mode 100644 libavformat/youtubedl.c
> > > 
> > > diff --git a/libavformat/Makefile b/libavformat/Makefile
> > > index 8d9a770..788b505 100644
> > > --- a/libavformat/Makefile
> > > +++ b/libavformat/Makefile
> > > @@ -487,6 +487,7 @@ OBJS-$(CONFIG_LIBQUVI_DEMUXER)           += libquvi.o
> > >  OBJS-$(CONFIG_LIBRTMP)                   += librtmp.o
> > >  OBJS-$(CONFIG_LIBSSH_PROTOCOL)           += libssh.o
> > >  OBJS-$(CONFIG_LIBSMBCLIENT_PROTOCOL)     += libsmbclient.o
> > > +OBJS-$(CONFIG_YOUTUBEDL_DEMUXER)         += youtubedl.o
> > >  
> > >  # protocols I/O
> > >  OBJS-$(CONFIG_APPLEHTTP_PROTOCOL)        += hlsproto.o
> > > diff --git a/libavformat/allformats.c b/libavformat/allformats.c
> > > index e6a9d01..a684b73 100644
> > > --- a/libavformat/allformats.c
> > > +++ b/libavformat/allformats.c
> > > @@ -386,6 +386,7 @@ void av_register_all(void)
> > >      REGISTER_DEMUXER (LIBMODPLUG,       libmodplug);
> > >      REGISTER_MUXDEMUX(LIBNUT,           libnut);
> > >      REGISTER_DEMUXER (LIBQUVI,          libquvi);
> > > +    REGISTER_DEMUXER (YOUTUBEDL,	youtubedl);
> > >      REGISTER_PROTOCOL(LIBRTMP,          librtmp);
> > >      REGISTER_PROTOCOL(LIBRTMPE,         librtmpe);
> > >      REGISTER_PROTOCOL(LIBRTMPS,         librtmps);
> > > diff --git a/libavformat/youtubedl.c b/libavformat/youtubedl.c
> > > new file mode 100644
> > > index 0000000..2d4ec60
> > > --- /dev/null
> > > +++ b/libavformat/youtubedl.c
> > > @@ -0,0 +1,221 @@
> > > +/*
> > > + * Copyright (c) 2015 Gilles Chanteperdrix <gch at xenomai.org>
> > > + *
> > > + * This file is part of FFmpeg.
> > > + *
> > > + * FFmpeg is free software; you can redistribute it and/or
> > > + * modify it under the terms of the GNU Lesser General Public
> > > + * License as published by the Free Software Foundation; either
> > > + * version 2.1 of the License, or (at your option) any later version.
> > > + *
> > > + * FFmpeg is distributed in the hope that it will be useful,
> > > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> > > + * Lesser General Public License for more details.
> > > + *
> > > + * You should have received a copy of the GNU Lesser General Public
> > > + * License along with FFmpeg; if not, write to the Free Software
> > > + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> > > + */
> > > +
> > > +#include <stdlib.h>
> > > +#include <unistd.h>
> > > +
> > > +#include "libavformat/avformat.h"
> > > +#include "libavformat/internal.h"
> > > +#include "libavutil/avassert.h"
> > > +#include "libavutil/avstring.h"
> > > +#include "libavutil/file.h"
> > > +#include "libavutil/opt.h"
> > > +
> > > +typedef struct {
> > > +    const AVClass *class;
> > > +    char *format;
> > > +    AVFormatContext *fmtctx;
> > > +} YoutubeDlContext;
> > > +
> > > +#define OUTBUF_SIZE 2048
> > > +#define OFFSET(x) offsetof(YoutubeDlContext, x)
> > > +#define FLAGS AV_OPT_FLAG_DECODING_PARAM
> > > +static const AVOption youtubedl_options[] = {
> > > +    { "format", "request specific format", OFFSET(format), AV_OPT_TYPE_STRING, {.str="best"}, .flags = FLAGS },
> > > +    { NULL }
> > > +};
> > > +
> > > +static const AVClass youtubedl_context_class = {
> > > +    .class_name     = "youtubedl",
> > > +    .item_name      = av_default_item_name,
> > > +    .option         = youtubedl_options,
> > > +    .version        = LIBAVUTIL_VERSION_INT,
> > > +};
> > > +
> > > +static int youtubedl_close(AVFormatContext *s)
> > > +{
> > > +    YoutubeDlContext *yc = s->priv_data;
> > > +    if (yc->fmtctx)
> > > +        avformat_close_input(&yc->fmtctx);
> > > +    return 0;
> > > +}
> > > +
> > > +static int youtubedl_get_output(char *output, size_t output_size, 
> > > +				AVFormatContext *s, const char *command)
> > > +{
> > > +    char *output_filename;
> > > +    int fd, ret, eof;
> > > +    size_t line_len;
> > > +    FILE *f;
> > > +
> > > +    fd = av_tempfile("youtubedl", &output_filename, 0, s);
> > > +    if (fd < 0) {
> > > +	av_log(s, AV_LOG_ERROR, "Failed to create temporary file\n");
> > > +	return fd;
> > > +    }
> > > +    close(fd);
> > > +
> > > +    command = av_asprintf("%s > %s", command, output_filename);
> > > +    if (!command) {
> > > +	av_log(s, AV_LOG_ERROR, "Out of memory\n");
> > > +	ret = AVERROR(ENOMEM);
> > > +	goto err_unlink_output;
> > > +    }
> > > +
> > > +    ret = system(command);
> > > +    av_free((void *)command);
> > > +
> > > +    if (ret != 0) {
> > > +	av_log(s, AV_LOG_ERROR, "Unexpected youtube-dl error\n");
> > > +	ret = ret < 0 ? AVERROR(errno) : AVERROR_EXTERNAL;
> > > +	goto err_unlink_output;
> > > +    }
> > > +
> > > +    f = fopen(output_filename, "rb");
> > > +    if (!f) {
> > > +	av_log(s, AV_LOG_ERROR, "Unexpected error opening youtube-dl output\n");
> > > +	ret = AVERROR(errno);
> > > +	goto err_unlink_output;
> > > +    }
> > > +
> > > +    eof = !fgets(output, output_size, f);
> > > +    fclose(f);
> > > +    if (eof) {
> > > +	if (s)
> > > +	    av_log(s, AV_LOG_ERROR, "Empty youtube-dl output\n");
> > > +	ret = AVERROR_INVALIDDATA;
> > > +	goto err_unlink_output;
> > > +    }
> > > +
> > > +    line_len = strcspn(output, "\r\n");
> > > +    if (line_len == output_size - 1) {
> > > +	av_log(s, AV_LOG_ERROR, "youtube-dl output to large\n");
> > > +	ret = AVERROR_INVALIDDATA;
> > > +	goto err_unlink_output;
> > > +    }
> > > +    output[line_len] = '\0';
> > > +    ret = 0;
> > > +    
> > > +  err_unlink_output:
> > > +    unlink(output_filename);
> > > +    av_free(output_filename);
> > > +    return ret;
> > > +}
> > > +
> > > +static int youtubedl_read_header(AVFormatContext *s)
> > > +{
> > > +    char buffer[OUTBUF_SIZE];
> > > +    YoutubeDlContext *yc = s->priv_data;
> > > +    char *media_url, *pagetitle;
> > > +    int ret, i;
> > > +
> > > +    snprintf(buffer, sizeof(buffer), "youtube-dl -e '%s'", s->filename);
> > > +    ret = youtubedl_get_output(buffer, sizeof(buffer), s, buffer);
> > > +    pagetitle = ret < 0 ? NULL : av_strdup(buffer);
> > > +    
> > > +    snprintf(buffer, sizeof(buffer), "youtube-dl -f %s -g '%s'", 
> > > +	    yc->format, s->filename);
> > > +    ret = youtubedl_get_output(buffer, sizeof(buffer), s, buffer);
> > > +    if (ret < 0)
> > > +	goto err_free_pagetitle;
> > > +    media_url = av_strdup(buffer);
> > > +
> > > +    yc->fmtctx = avformat_alloc_context();
> > > +
> > > +    if ((ret = ff_copy_whitelists(yc->fmtctx, s)) < 0)
> > > +        goto err_free_context;
> > > +
> > > +    ret = avformat_open_input(&yc->fmtctx, media_url, NULL, NULL);
> > > +    if (ret < 0)
> > > +        goto err_free_media_url;
> > > +
> > > +    ret = avformat_find_stream_info(yc->fmtctx, NULL);
> > > +    if (ret < 0)
> > > +        goto err_free_media_url;
> > > +
> > > +    if (pagetitle && pagetitle[0])
> > > +        av_dict_set(&s->metadata, "title", pagetitle, 0);
> > > +
> > > +    for (i = 0; i < yc->fmtctx->nb_streams; i++) {
> > > +        AVStream *st = avformat_new_stream(s, NULL);
> > > +        AVStream *ist = yc->fmtctx->streams[i];
> > > +        if (!st) {
> > > +            ret = AVERROR(ENOMEM);
> > > +            goto err_close_input;
> > > +        }
> > > +        avpriv_set_pts_info(st, ist->pts_wrap_bits, ist->time_base.num, ist->time_base.den);
> > > +        avcodec_copy_context(st->codec, yc->fmtctx->streams[i]->codec);
> > > +    }
> > > +    s->duration = yc->fmtctx->duration;
> > > +    s->start_time = yc->fmtctx->start_time;
> > > +    s->bit_rate = yc->fmtctx->bit_rate;
> > > +
> > > +    return 0;
> > > +
> > > +  err_close_input:
> > > +    avformat_close_input(&yc->fmtctx);
> > > +  err_free_media_url:
> > > +    av_free(media_url);
> > > +  err_free_pagetitle:
> > > +    av_free(pagetitle);
> > > +    return ret;
> > > +
> > > +  err_free_context:
> > > +    avformat_free_context(yc->fmtctx);
> > > +    goto err_free_media_url;
> > > +}
> > > +
> > > +static int youtubedl_read_packet(AVFormatContext *s, AVPacket *pkt)
> > > +{
> > > +    YoutubeDlContext *yc = s->priv_data;
> > > +    return av_read_frame(yc->fmtctx, pkt);
> > > +}
> > > +
> > > +static int youtubedl_read_seek(AVFormatContext *s, int stream_index, int64_t timestamp, int flags)
> > > +{
> > > +    YoutubeDlContext *yc = s->priv_data;
> > > +    return av_seek_frame(yc->fmtctx, stream_index, timestamp, flags);
> > > +}
> > > +
> > > +static int youtubedl_probe(AVProbeData *p)
> > > +{
> > > +    char buffer[OUTBUF_SIZE];
> > > +    int ret;
> > > +
> > > +    snprintf(buffer, sizeof(buffer), 
> > > +	    "youtube-dl --match-filter 'extractor != generic' -g '%s'",
> > > +	    p->filename);
> > > +    ret = youtubedl_get_output(buffer, sizeof(buffer), NULL, buffer);
> > > +
> > > +    return ret == 0 ? AVPROBE_SCORE_EXTENSION : 0;
> > > +}
> > > +
> > > +AVInputFormat ff_youtubedl_demuxer = {
> > > +    .name           = "youtubedl",
> > > +    .long_name      = NULL_IF_CONFIG_SMALL("youtubedl demuxer"),
> > > +    .priv_data_size = sizeof(YoutubeDlContext),
> > > +    .read_probe     = youtubedl_probe,
> > > +    .read_header    = youtubedl_read_header,
> > > +    .read_packet    = youtubedl_read_packet,
> > > +    .read_close     = youtubedl_close,
> > > +    .read_seek      = youtubedl_read_seek,
> > > +    .priv_class     = &youtubedl_context_class,
> > > +    .flags          = AVFMT_NOFILE,
> > > +};
> > 
> > Nice security hole.
> 
> how is that ? I do not see any buffer overflow possible.
> 

Probably something like: ffplay "http://' rm -rf #"


More information about the ffmpeg-devel mailing list