[FFmpeg-devel] [PATCH v2 1/2] avformat/url: check double dot is not to parent directory
Marton Balint
cus at passwd.hu
Mon Jul 27 21:57:05 EEST 2020
On Mon, 27 Jul 2020, Steven Liu wrote:
> Marton Balint <cus at passwd.hu> 于2020年7月25日周六 下午5:40写道:
>>
>>
>>
>> On Sat, 25 Jul 2020, Zlomek, Josef wrote:
>>
>> > Hi Steven,
>> >
>> > It is better but still not correct. Consider this test:
>> >
>> > test("http://server/foo/bar",
>> > "a/b/../c/d/../e../.../..f/g../h../other/url/a.mp3/...");
>> > It should give "
>> > http://server/foo/bar/a/c/e../.../..f/g../h../other/url/a.mp3/...".
>> >
>> > I think the best would be to use strtok(p, "/") to split the path into the
>> > components and for each ".." component remove the previous one (if there
>> > are some still).
>>
>> And I also would like to point out that using static strings with
>> MAX_URL_SIZE is not OK. This function supports an arbitrary buffer size,
>> so limiting it to MAX_URL_SIZE is a bug.
> What about use av_malloc? or bprint?
> I think use av_malloc maybe easter to me.
It should be implemented in a way which does not use a temporary buffer.
Seems doable.
Regards,
Marton
More information about the ffmpeg-devel
mailing list