From: Andreas Rheinhardt
Date: Sun, 14 May 2023 11:31:07 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] avformat/hls: look for trailing GET headers with m3u8 extension check

Leo Izen:
> After commit 6b1f68ccb04d791f0250e05687c346a99ff47ea1 we refuse to use
> URLs of the form https://foo.bar/baz.m3u8?foo=bar because it fails the
> file extension check. This commit strips the ?foo=bar at the end before
> checking the file extension.
>
> Signed-off-by: Leo Izen
> --- > libavformat/hls.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/libavformat/hls.c b/libavformat/hls.c > index 11e345b280..6a97cced17 100644 > --- a/libavformat/hls.c > +++ b/libavformat/hls.c 
> @@ -2534,7 +2534,16 @@ static int hls_probe(const AVProbeData *p) > strstr(p->buf, "#EXT-X-TARGETDURATION:") || > strstr(p->buf, "#EXT-X-MEDIA-SEQUENCE:")) { > > - if (!av_match_ext(p->filename, "m3u8,hls,m3u")) { > + char *request_qmark = strchr(p->filename, '?'); > + int match_ext; > + > + if (request_qmark) > + *request_qmark = '\0'; > + match_ext = av_match_ext(p->filename, "m3u8,hls,m3u"); > + if (request_qmark) > + *request_qmark = '?'; > + > + if (!match_ext) { > av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension\n"); > return 0; > }

This temporarily modifies p->filename which is a const char* (you let strchr cast the const away); it is provided by the user and may point to read-only memory, i.e. restoring the string is not safe. Furthermore, it may lead to data races, because the string might be used somewhere else concurrently (hypothetically, we could even run the probe functions in a multi-threaded way).

- Andreas
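
Review bot: `*request_qmark = '\0';` writes into `p->filename`, which `hls_probe` only reaches through `const AVProbeData *p`; the qualifier is lost at `char *request_qmark = strchr(p->filename, '?');`. Run the extension comparison on a bounded local copy of the part before the '?' (or on a length-limited view of it) so the caller's string is never written, and declare `request_qmark` as `const char *` so the compiler rejects any later store through it. The hunk also strips only at '?': a name ending in a '#' fragment after the extension still fails the check, so the commit message should say whether that is intended.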
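
A read-only way to do the extension check that the reply above objects to, as an added example that is not part of the original message or of FFmpeg's code. The helper name `match_ext_before_query` and the sample URLs are hypothetical; it compares the extension of the part before the first '?' without ever storing to the input string.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an FFmpeg API): 1 if the part of `filename` before
 * the first '?' ends in one of the comma-separated `extensions`, else 0.
 * `filename` is only read, so it may be read-only or shared between threads. */
static int match_ext_before_query(const char *filename, const char *extensions)
{
    size_t path_len, ext_len, i;
    const char *ext = NULL;

    if (!filename || !extensions)
        return 0;
    path_len = strcspn(filename, "?");       /* length without the query part */

    /* Last '.' of the final path component, searched without writing a NUL. */
    for (i = path_len; i > 0 && filename[i - 1] != '/'; i--) {
        if (filename[i - 1] == '.') {
            ext = filename + i;
            break;
        }
    }
    if (!ext || ext == filename + path_len)
        return 0;
    ext_len = (size_t)(filename + path_len - ext);

    while (*extensions) {                    /* walk the comma-separated list */
        size_t n = strcspn(extensions, ",");
        for (i = 0; n == ext_len && i < n; i++)
            if (tolower((unsigned char)ext[i]) != tolower((unsigned char)extensions[i]))
                break;
        if (n == ext_len && i == n)
            return 1;
        extensions += n + (extensions[n] == ',');
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; string literals may sit in read-only memory. */
    static const char *const urls[] = {
        "https://foo.bar/baz.m3u8?foo=bar", "https://foo.bar/baz.mp4?x=.m3u8",
    };
    for (size_t k = 0; k < sizeof(urls) / sizeof(urls[0]); k++)
        printf("%d %s\n", match_ext_before_query(urls[k], "m3u8,hls,m3u"), urls[k]);
    return 0;
}
```

Because nothing is written and restored, there is no window in which another reader of the same string could observe a truncated name.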