[FFmpeg-devel] [PATCH 1/2] avformat/http: return EINVAL if ff_http_do_new_request is called with non-http URLContext
Aman Gupta
ffmpeg at tmm1.net
Sat Dec 30 20:21:25 EET 2017
On Sat, Dec 30, 2017 at 10:11 AM wm4 <nfxjfg at googlemail.com> wrote:
> On Fri, 29 Dec 2017 15:41:57 -0800
> Aman Gupta <ffmpeg at tmm1.net> wrote:
>
> > From: Aman Gupta <aman at tmm1.net>
> >
> > Signed-off-by: Aman Gupta <aman at tmm1.net>
> > ---
> > libavformat/http.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/libavformat/http.c b/libavformat/http.c
> > index a376f1a488..8f7e56de54 100644
> > --- a/libavformat/http.c
> > +++ b/libavformat/http.c
> > @@ -311,6 +311,11 @@ int ff_http_do_new_request(URLContext *h, const
> char *uri)
> char hostname1[1024], hostname2[1024], proto1[10], proto2[10];
> > int port1, port2;
> >
> > + if (!h->prot ||
> > + !(!strcmp(h->prot->name, "http") ||
> > + !strcmp(h->prot->name, "https")))
> > + return AVERROR(EINVAL);
> > +
> > av_url_split(proto1, sizeof(proto1), NULL, 0,
> > hostname1, sizeof(hostname1), &port1,
> > NULL, 0, s->location);
>
> I rejected this, why was it pushed?
Sorry, I understood the rejection to be about the second patch in the set,
which is a hack to avoid crypto-wrapped segments.
This patch enforces that ff_http_do_new_request() is only invoked on
http/https URLContext, which seemed like a sane safe-guard to me.
Aman
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
More information about the ffmpeg-devel
mailing list