[FFmpeg-devel] [PATCH v3] avformat/url: check url root node when rel include double dot
Nicolas George
george at nsup.org
Mon Apr 27 14:14:03 EEST 2020
Steven Liu (12020-04-27):
> fix ticket: 8625
> and add testcase into url for double dot corner case
>
> Signed-off-by: Steven Liu <liuqi05 at kuaishou.com>
> ---
> libavformat/tests/url.c | 3 +++
> libavformat/url.c | 21 +++++++++++++++++++--
> tests/ref/fate/url | 3 +++
> 3 files changed, 25 insertions(+), 2 deletions(-)
>
> diff --git a/libavformat/tests/url.c b/libavformat/tests/url.c
> index 5e484fd428..02d0d59aa8 100644
> --- a/libavformat/tests/url.c
> +++ b/libavformat/tests/url.c
> @@ -56,6 +56,7 @@ int main(void)
> test("/foo/bar", "baz");
> test("/foo/bar", "../baz");
> test("/foo/bar", "/baz");
> + test("/foo/bar", "../../../baz");
> test("http://server/foo/", "baz");
> test("http://server/foo/bar", "baz");
> test("http://server/foo/", "../baz");
> @@ -65,6 +66,8 @@ int main(void)
> test("http://server/foo/bar?param=value/with/slashes", "/baz");
> test("http://server/foo/bar?param&otherparam", "?someparam");
> test("http://server/foo/bar", "//other/url");
> + test("http://server/foo/bar", "../../../../../other/url");
> + test("http://server/foo/bar", "/../../../../../other/url");
>
> printf("\nTesting av_url_split:\n");
> test2("/foo/bar");
> diff --git a/libavformat/url.c b/libavformat/url.c
> index 596fb49cfc..0aa50ab9a7 100644
> --- a/libavformat/url.c
> +++ b/libavformat/url.c
> @@ -81,6 +81,7 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
> const char *rel)
> {
> char *sep, *path_query;
> + char *root, *p;
> /* Absolute path, relative to the current server */
> if (base && strstr(base, "://") && rel[0] == '/') {
> if (base != buf)
> @@ -120,16 +121,32 @@ void ff_make_absolute_url(char *buf, int size, const char *base,
> return;
> }
>
> + root = p = buf;
> + /* Get the path root of the url which start by "://" */
> + if (p && strstr(p, "://")) {
> + sep = strstr(p, "://");
> + if (sep) {
> + sep += 3;
> + root = strchr(sep, '/');
> + }
> + }
> +
> /* Remove the file name from the base url */
> sep = strrchr(buf, '/');
> + if (sep <= root)
> + sep = root;
> +
> if (sep)
> sep[1] = '\0';
> else
> buf[0] = '\0';
> while (av_strstart(rel, "../", NULL) && sep) {
> /* Remove the path delimiter at the end */
> - sep[0] = '\0';
> - sep = strrchr(buf, '/');
> + if (sep > root) {
> + sep[0] = '\0';
> + sep = strrchr(buf, '/');
> + }
> +
> /* If the next directory name to pop off is "..", break here */
> if (!strcmp(sep ? &sep[1] : buf, "..")) {
> /* Readd the slash we just removed */
> diff --git a/tests/ref/fate/url b/tests/ref/fate/url
> index 980b2ce1f9..c8260a97be 100644
> --- a/tests/ref/fate/url
> +++ b/tests/ref/fate/url
> @@ -3,6 +3,7 @@ Testing ff_make_absolute_url:
> /foo/bar baz => /foo/baz
> /foo/bar ../baz => /baz
> /foo/bar /baz => /baz
> + /foo/bar ../../../baz => /baz
> http://server/foo/ baz => http://server/foo/baz
> http://server/foo/bar baz => http://server/foo/baz
> http://server/foo/ ../baz => http://server/baz
> @@ -12,6 +13,8 @@ Testing ff_make_absolute_url:
> http://server/foo/bar?param=value/with/slashes /baz => http://server/baz
> http://server/foo/bar?param&otherparam ?someparam => http://server/foo/bar?someparam
> http://server/foo/bar //other/url => http://other/url
> + http://server/foo/bar ../../../../../other/url => http://server/other/url
> + http://server/foo/bar /../../../../../other/url => http://server/../../../../../other/url
Is this supposed to be the proper result?
>
> Testing av_url_split:
> /foo/bar => -1 /foo/bar
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20200427/b60af853/attachment.sig>
More information about the ffmpeg-devel
mailing list