[FFmpeg-devel] [PATCH 1/3] avformat/dashdec: fail on probing non mpd file extension
Tobias Rapp
t.rapp at noa-archive.com
Mon May 8 17:05:40 EEST 2023
On 08/05/2023 14:00, James Almer wrote:
> On 5/6/2023 10:25 AM, Michael Niedermayer wrote:
>> It's unexpected that a .avi or other "standard" file turns into a
>> playlist.
>> The goal of this patch is to avoid this unexpected behavior and possible
>> privacy or security differences.
>>
>> This is similar to the same change to hls
>>
>> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
>> ---
>> libavformat/dashdec.c | 11 +++++++----
>> 1 file changed, 7 insertions(+), 4 deletions(-)
>>
>> diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
>> index 29d4680c68..294e14150d 100644
>> --- a/libavformat/dashdec.c
>> +++ b/libavformat/dashdec.c
>> @@ -2336,10 +2336,13 @@ static int dash_probe(const AVProbeData *p)
>> av_stristr(p->buf, "dash:profile:isoff-live:2011") ||
>> av_stristr(p->buf, "dash:profile:isoff-live:2012") ||
>> av_stristr(p->buf, "dash:profile:isoff-main:2011") ||
>> - av_stristr(p->buf, "3GPP:PSS:profile:DASH1")) {
>> - return AVPROBE_SCORE_MAX;
>> - }
>> - if (av_stristr(p->buf, "dash:profile")) {
>> + av_stristr(p->buf, "3GPP:PSS:profile:DASH1") ||
>> + av_stristr(p->buf, "dash:profile")) {
>> + if (!av_match_ext(p->filename, "mpd")) {
>> + av_log(NULL, AV_LOG_ERROR, "Not detecting dash with non
>> standard extension\n");
>> + return 0;
>> + }
>> +
>> return AVPROBE_SCORE_MAX;
>> }
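Review bot: the `!av_match_ext(p->filename, "mpd")` branch returns 0 even after the buffer has matched one of the DASH profile strings, so a manifest whose name or URL does not end in .mpd is no longer detected as DASH at all, and nothing in this hunk lets a caller opt out. Consider returning a reduced score instead of 0, or making the extension requirement something the caller can control. The `av_log(NULL, AV_LOG_ERROR, ...)` call also sits inside `dash_probe()`, so it fires at error level with a NULL context for any probed input that contains these strings under another extension; a lower log level would suit a probe function better. The commit message should state what happens to manifests that arrive without the extension.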
>
> Failing because it didn't match an extension sort of goes against the
> point of probing, which even has a low score return value that's
> basically "it matched extension" as a sort of last resort.
>
> I'd say wrap this in a FF_COMPLIANCE_STRICT check (since I assume the
> spec does state mpd must be the extension), but I think we have no
> access to the AVFormatContext here?

DASH is usually transferred over HTTP, where file extensions are of minor
interest; the relevant type information is in the Mime-Type header.

I think we already have the "format_whitelist" API for applications that
want to restrict the list of formats when loading a file from untrusted
sources?

Regards, Tobias