[FFmpeg-devel] [PATCH 2/2] avformat/hls: .ts is always ok even if its a mov/mp4

Michael Niedermayer michael at niedermayer.cc
Wed Jan 29 00:24:38 EET 2025 

Hi

On Tue, Jan 28, 2025 at 10:12:30PM +0200, Jan Ekström wrote:
> On Tue, Jan 28, 2025 at 4:24 PM Michael Niedermayer
> <michael at niedermayer.cc> wrote:
> >
> > Maybe fixes: 11435
> >
> 
> Do I understand correctly that the root issue that's being attempted
> to be fixed by the initial patch set is that unusual demuxers were
> possible to have been probed and opened through the HLS meta demuxer?
> In that case I would say that instead of trying to make very nebulous
> and easily breakable extension based checking, maybe this demuxer
> should just limit its default usable input formats?
> 

> To my knowledge the officially utilized container formats for HLS are
> MPEG-TS, MP4-likes (fragmented mp4) and raw audio formats such as AAC,
> MP3 or AC-3. One could check what hls.js or ExoPlayer support, and
> that should be a generally mostly encompassing thing that does not
> depend on what extensions are in use. Adding an AVOption to add
> additional formats without code changes would then allow for some
> outliers to be added by users.

our allowed_extensions list kind of does this already now
because with extension_picky (the default now)
the probed format must itself declare an extension thats on
allowed_extensions

so tty can not be used with hls unless one adds it to allowed_extensions
completely independant of what extension the files have

also any demuxers not listing any extensions can not be used with
extension_picky, excpt mpegts which is added as a special case

The idea of extension_picky is that everything has to match
its not just a check on the file extension of the file
(well at least thats the idea until the next security researcher
finds a way around it)

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you dont want and which you would get tomorrow for free anyway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250128/adb4d692/attachment.sig>

More information about the ffmpeg-devel mailing list