[FFmpeg-devel] [PATCH v2 1/2] avformat/url: check double dot is not to parent directory
Steven Liu
lingjiujianke at gmail.com
Mon Jul 27 10:18:28 EEST 2020
Marton Balint <cus at passwd.hu> 于2020年7月25日周六 下午5:40写道:
>
>
>
> On Sat, 25 Jul 2020, Zlomek, Josef wrote:
>
> > Hi Steven,
> >
> > It is better but still not correct. Consider this test:
> >
> > test("http://server/foo/bar",
> > "a/b/../c/d/../e../.../..f/g../h../other/url/a.mp3/...");
> > It should give "
> > http://server/foo/bar/a/c/e../.../..f/g../h../other/url/a.mp3/...".
> >
> > I think the best would be to use strtok(p, "/") to split the path into the
> > components and for each ".." component remove the previous one (if there
> > are some still).
>
> And I also would like to point out that using static strings with
> MAX_URL_SIZE is not OK. This function supports an arbitrary buffer size,
> so limiting it to MAX_URL_SIZE is a bug.
What about use av_malloc? or bprint?
I think use av_malloc maybe easter to me.
>
> Regards,
> Marton
>
> >
Thanks
Steven
More information about the ffmpeg-devel
mailing list