Overview

File ffmpeg-4-CVE-2023-6601-shim01-6b1f68cc.patch of Package ffmpeg-4

From 6b1f68ccb04d791f0250e05687c346a99ff47ea1 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 3 May 2023 13:08:35 +0200
Subject: [PATCH] avformat/hls: fail on probing non hls/m3u8 file extensions

Its unexpected that a .avi or other "standard" file turns into a playlist.
The goal of this patch is to avoid this unexpected behavior and possible
privacy or security differences.

Reviewed-by: Steven Liu <lingjiujianke@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/hls.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index 8a96a37ff9..11e345b280 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -2532,8 +2532,15 @@ static int hls_probe(const AVProbeData *p)
 
     if (strstr(p->buf, "#EXT-X-STREAM-INF:")     ||
         strstr(p->buf, "#EXT-X-TARGETDURATION:") ||
-        strstr(p->buf, "#EXT-X-MEDIA-SEQUENCE:"))
+        strstr(p->buf, "#EXT-X-MEDIA-SEQUENCE:")) {
+
+        if (!av_match_ext(p->filename, "m3u8,hls,m3u")) {
+            av_log(NULL, AV_LOG_ERROR, "Not detecting m3u8/hls with non standard extension\n");
+            return 0;
+        }
+
         return AVPROBE_SCORE_MAX;
+    }
     return 0;
 }
 
-- 
2.52.0
openSUSE Build Service is sponsored by
Places