Le septidi 17 messidor, an CCXXIV, Rodger Combs a écrit : > +- Cue sheet demuxer
This is interesting. Just a quick remark while I have time:
> + } else if (!strncmp(ptr, "FILE ", 5)) {
> + if (!cue->url || !*cue->url) {
> + char url[4096] = {0};
> + av_freep(&cue->url);
> + ff_make_absolute_url(url, sizeof(url), s->filename,
> get_token(ptr + 5));
> + if (!(cue->url = av_strdup(url)))
> + return AVERROR(ENOMEM);
> + }
> + if ((ret = avformat_open_input(&cue->avf, cue->url, NULL, NULL)) < 0 ||
> + (ret = avformat_find_stream_info(cue->avf, NULL)) < 0) {
> + av_log(s, AV_LOG_ERROR, "Failed to open '%s'\n", cue->url);
> + avformat_close_input(&cue->avf);
> + return ret;
> + }
That makes yet another format that can open arbitrary URLs depending on
external contents: security issue.
The check for safe/unsafe URLs needs to be factored.
Also, there is the matter of the io_open() callback to check, I do not
remember how it works.
Regards,
--
Nicolas George
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list [email protected] http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
