From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id DB3AD45E79 for ; Sun, 14 May 2023 12:03:39 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E1EC468BE4A; Sun, 14 May 2023 15:03:36 +0300 (EEST) Received: from mail-yb1-f182.google.com (mail-yb1-f182.google.com [209.85.219.182]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3420568BA7B for ; Sun, 14 May 2023 15:03:30 +0300 (EEST) Received: by mail-yb1-f182.google.com with SMTP id 3f1490d57ef6-ba21644874cso1585085276.0 for ; Sun, 14 May 2023 05:03:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1684065808; x=1686657808; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date:message-id:reply-to; bh=eJkknPhdlxsLGeP61NaNCZToHKN/qdRSmBPWKofQvE0=; b=JTLEhB76tcwSDYdOLxA62kkNcCrZGE7m5tC0+YLS84Bil4ofp6tv/NPE8Yb31o3+dw xc/Gf8V8QlwvUsnhJq59TcEFMvMhO5EuCn5lNvtDslf+8Uc3r4LdsMc73RF4bnQsleLZ Eww/WXTNF/8XDPPqnzPhAhEGld5O0raZCLjov95oFYTBrn8/dDOqeWJeUeXwKAwIa1S7 vp2lVijkSlo0H7TNzu6oDv1/PhZhqoR8Di5M6VkRHh+WSWmASpgI1IqstqU3mxk/AtJO oMGDiK43+UQ7fwXXcePppWWlBWu93uswqPadbpLQWqGdx5WDneSKgqwZiXZYK0GdbC3G W3bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684065808; x=1686657808; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=eJkknPhdlxsLGeP61NaNCZToHKN/qdRSmBPWKofQvE0=; b=DyaO7wvRBrP5X2otB8YPp7SHTmJi3SXRPmCPjLW/hTi7Q0OwMrWpeUhePX1nlnyxg/ +awHm7QhM4WHhvGEwtURUA18snUHdNjUHJURK67L23nG6qW/O9IIkSD0aQH4yPZm+KWa 9jO4rt9jARYlP/zChKckBhpTWxPtsgSMLWl0LqjK/nr6tGFCjdlLQqmVAF+GcsoNasrK mmjorDt7J7ePSBny+/A8fDXLK9iz5oGjGvuQMbFCScHEuHbExEbnK8J3nDg85FQ4yDHe KT20QSRmC4J8a3VUVG8vgxFQqqw373VPfoVmAZbH5URIAYImWe0kCTE8YnDaLNE0rKoZ 0/zw== X-Gm-Message-State: AC+VfDx8VECD5+IsabrkNkiCV+CtnaZHPvnQbJdGp9TyFqbvxLQSdPVF ypZU4AYesEMwchsHvg0XOW0NAs3AhZs= X-Google-Smtp-Source: ACHHUZ5F0bcWYIHC+1c0PLn1/6e1oocu8guJeW+UKESn89IwJIizBKT6XMppTA8Kj6VXxx2+IUqXNA== X-Received: by 2002:a25:abcc:0:b0:b9d:b2b6:7fd9 with SMTP id v70-20020a25abcc000000b00b9db2b67fd9mr4243738ybi.1.1684065808140; Sun, 14 May 2023 05:03:28 -0700 (PDT) Received: from [192.168.1.35] (c-98-224-219-15.hsd1.mi.comcast.net. [98.224.219.15]) by smtp.gmail.com with ESMTPSA id 2-20020a250402000000b00b7b0aba5cccsm6372128ybe.22.2023.05.14.05.03.27 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 14 May 2023 05:03:27 -0700 (PDT) Message-ID: Date: Sun, 14 May 2023 08:03:26 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 To: ffmpeg-devel@ffmpeg.org References: <20230512202622.29531-1-leo.izen@gmail.com> Content-Language: en-US-large From: Leo Izen In-Reply-To: Subject: Re: [FFmpeg-devel] [PATCH] avformat/hls: look for trailing GET headers with m3u8 extension check X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 5/14/23 05:31, Andreas Rheinhardt wrote: > Leo Izen: >> After commit 6b1f68ccb04d791f0250e05687c346a99ff47ea1 we refuse to use >> URLs of the form https://foo.bar/baz.m3u8?foo=bar because it fails the >> file extension check. This commit strips the ?foo=bar at the end before >> checking the file extension. >> >> Signed-off-by: Leo Izen >> --- >> libavformat/hls.c | 11 ++++++++++- >> 1 file changed, 10 insertions(+), 1 deletion(-) >> >> diff --git a/libavformat/hls.c b/libavformat/hls.c >> index 11e345b280..6a97cced17 100644 >> --- a/libavformat/hls.c >> +++ b/libavformat/hls.c >> @@ -2534,7 +2534,16 @@ static int hls_probe(const AVProbeData *p) >> strstr(p->buf, "#EXT-X-TARGETDURATION:") || >> strstr(p->buf, "#EXT-X-MEDIA-SEQUENCE:")) { >> >> - if (!av_match_ext(p->filename, "m3u8,hls,m3u")) { >> + char *request_qmark = strchr(p->filename, '?'); >> + int match_ext; >> + >> + if (request_qmark) >> + *request_qmark = '\0'; >> + match_ext = av_match_ext(p->filename, "m3u8,hls,m3u"); >> + if (request_qmark) >> + *request_qmark = '?'; >> + >> + if (!match_ext) { >> av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension\n"); >> return 0; >> } > > This temporarily modifies p->filename which is a const char* (you let > strchr cast the const away); it is provided by the user and may point to > read-only memory, i.e. restoring the string is not safe. Furthermore, it > may lead to data races, because the string might be used somewhere else > concurrently (hypothetically, we could even run the probe functions in a > multi-threaded way). > > - Andreas Would you recommend I strdup instead? I considered that but wanted to avoid the heap allocation. - Leo Izen _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".