[FFmpeg-devel] [PATCH 2/2] avformat/concatdec: Check recursion depth
Nicolas George
george at nsup.org
Wed Jul 9 15:04:03 EEST 2025
Michael Niedermayer (HE12025-07-07):
> a file called self_ref.ffconcat, containing:
>
> ffconcat version 1.0
> file self_ref.ffconcat
Oh, that. Thanks for explaining. I am not sure it is our responsibility
to protect from this, there are many instance of similar pitfalls, for
example a shell wrapper for a command with the same name that neglects
to not call itself. But if it takes very little code like that, why
not...
OTOH, three problem I have with the code:
ELOOP is not portable, and the message does not match the issue. It is
better to have an error message that says nothing ("invalid value") than
an error message that says something wrong ("symbolic links"? what
symbolic links?).
Why do you have to implement it in concat? AFAICS, the call to
ff_copy_whiteblacklists() should be enough to trigger the protection you
added in patch 1/2.
You are abusing the ff_copy_whiteblacklists() function. Since it is
private, it can be renamed. ff_prepare_nested_muxer()?
Regards,
--
Nicolas George
More information about the ffmpeg-devel
mailing list