[FFmpeg-devel] [PATCH 1/3] avformat/dashdec: fail on probing non mpd file extension

Mon May 8 17:38:29 EEST 2023

On Mon, May 8, 2023 at 7:05 AM Tobias Rapp <t.rapp at noa-archive.com> wrote:
>
> On 08/05/2023 14:00, James Almer wrote:
>
> > On 5/6/2023 10:25 AM, Michael Niedermayer wrote:
> >> Its unexpected that a .avi or other "standard" file turns into a
> >> playlist.
> >> The goal of this patch is to avoid this unexpected behavior and possible
> >> privacy or security differences.
> >>
> >> This is similar to the same change to hls
> >>
> >> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> >> ---
> >>   libavformat/dashdec.c | 11 +++++++----
> >>   1 file changed, 7 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c
> >> index 29d4680c68..294e14150d 100644
> >> --- a/libavformat/dashdec.c
> >> +++ b/libavformat/dashdec.c
> >> @@ -2336,10 +2336,13 @@ static int dash_probe(const AVProbeData *p)
> >>           av_stristr(p->buf, "dash:profile:isoff-live:2011") ||
> >>           av_stristr(p->buf, "dash:profile:isoff-live:2012") ||
> >>           av_stristr(p->buf, "dash:profile:isoff-main:2011") ||
> >> -        av_stristr(p->buf, "3GPP:PSS:profile:DASH1")) {
> >> -        return AVPROBE_SCORE_MAX;
> >> -    }
> >> -    if (av_stristr(p->buf, "dash:profile")) {
> >> +        av_stristr(p->buf, "3GPP:PSS:profile:DASH1") ||
> >> +        av_stristr(p->buf, "dash:profile")) {
> >> +        if (!av_match_ext(p->filename, "mpd")) {
> >> +            av_log(NULL, AV_LOG_ERROR, "Not detecting dash with non
> >> standard extension\n");
> >> +            return 0;
> >> +        }
> >> +
> >>           return AVPROBE_SCORE_MAX;
> >>       }
> >
> > Failing because it didn't match an extensions sort of goes against the
> > point of probing, which even has a low score return value that's
> > basically "it matched extension" as a sort of last resort.
> >
> > I'd say wrap this in a FF_COMPLIANCE_STRICT check (since i assume the
> > spec does state mpd must be the extension), but i think we have no
> > access to the AVFormatContext here?
>
> DASH is usually transferred over HTTP where file extensions are of minor
> interest, the relevant type information is in the Mime-Type header.
>
> I think we already have the "format_whitelist" API for applications that
> want to restrict the list of formats when loading a file from untrusted
> sources?

Yes, the IMF playlist, for example, is only allowed to reference MXF files:

https://github.com/FFmpeg/FFmpeg/blob/master/libavformat/imfdec.c#L393

>
> Regards, Tobias
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".