#11535: Fixes for CVE-2023-6602 broke my code
----------------------------------+--------------------------------------
Reporter: 2246c68 | Type: defect
Status: new | Priority: normal
Component: avformat | Version: git-master
Keywords: | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
----------------------------------+--------------------------------------
I'm using ffmpeg to parse and mux a local M3U8 playlist, which looks like
this:
{{{
$ cat /var/tmp/master.m3u8
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-MEDIA-SEQUENCE:0
#EXTINF:10.000000
/var/tmp/94905038906128.bin
#EXTINF:10.000000
/var/tmp/94905038923040.bin
#EXTINF:10.000000
/var/tmp/94905038933296.bin
...
}}}
Since the media segments are using a non-standard file extension (`.bin`),
I used to manually whitelist it with `av_dict_set(&options,
"allowed_extensions", "bin", 0)`. This worked until
91d96dc8ddaebe0b6cb393f672085e6bfaf15a31 was implemented, which now seems
to disable `allowed_extensions` by default and requires the user to set
`extension_picky` to `0` to make `allowed_extensions` take effect again.
Is this really the intended behavior? I thought CVE fixes were not
supposed to break code that does not exploit the vulnerability it refers
to.
libavformat logs:
{{{
[hls @ 0x5653aabc5540] Skip ('#EXT-X-VERSION:3')
[hls @ 0x5653aabc5540] HLS request for url '/var/tmp/94917347047872.bin',
offset 0, playlist 0
[hls @ 0x5653aabc5540] Opening '/var/tmp/94917347047872.bin' for reading
[hls @ 0x5653aabc5540] detected format mpegts extension none mismatches
allowed extensions in url /var/tmp/94917347047872.bin
[hls @ 0x5653aabc5540] Error when loading first segment
'/var/tmp/94917347047872.bin'
[AVIOContext @ 0x5653ab3c7610] Statistics: 32768 bytes read, 0 seeks
[AVIOContext @ 0x5653ab3d1770] Statistics: 3089 bytes read, 0 seeks
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/11535>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
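For readers who want to see which segments an `allowed_extensions`-style allowlist would reject before handing a playlist to ffmpeg, here is an added example, not code from the ticket or from FFmpeg itself: a small Python pre-flight check that parses the playlist quoted above and applies a comma-separated extension allowlist of the same shape as the hls demuxer option (with `ALL` disabling the check). It models only the segment-extension allowlist, not the demuxer's additional `extension_picky` comparison against the detected container format.

```python
"""Pre-flight check: which HLS media segments fall outside an extension allowlist?"""
import os
from urllib.parse import urlsplit

# Playlist from the ticket, embedded inline as sample input; the trailing "..."
# of the original listing is replaced by just the three segments shown.
MASTER_M3U8 = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:10
#EXT-X-MEDIA-SEQUENCE:0
#EXTINF:10.000000
/var/tmp/94905038906128.bin
#EXTINF:10.000000
/var/tmp/94905038923040.bin
#EXTINF:10.000000
/var/tmp/94905038933296.bin
"""


def segment_uris(playlist_text):
    """Return the segment URIs: the first non-tag, non-blank line after each #EXTINF."""
    uris, expect_uri = [], False
    for raw in playlist_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#EXTINF"):
            expect_uri = True
        elif line.startswith("#"):
            continue  # other tags and comments carry no segment URI
        elif expect_uri:
            uris.append(line)
            expect_uri = False
    return uris


def extension_of(uri):
    """Lower-cased extension of the URI's path component, '' if it has none."""
    path = urlsplit(uri).path
    return os.path.splitext(path)[1][1:].lower()


def check_segments(playlist_text, allowed_extensions):
    """Split segments into (accepted, rejected) under a comma-separated allowlist.

    Simplified model of the demuxer option (assumption: 'ALL' means no check,
    matching is case-insensitive on the extension after the last dot).
    """
    uris = segment_uris(playlist_text)
    if allowed_extensions.strip() == "ALL":
        return uris, []
    allowed = {e.strip().lower() for e in allowed_extensions.split(",") if e.strip()}
    accepted = [u for u in uris if extension_of(u) in allowed]
    rejected = [u for u in uris if extension_of(u) not in allowed]
    return accepted, rejected
```

Running `check_segments(MASTER_M3U8, "ts,m3u8,mp4")` rejects all three `.bin` segments, while `check_segments(MASTER_M3U8, "bin")` accepts them, which is the allowlist half of what the reporter relied on.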