PR #23618 opened by Kacper Michajłow (kasper93)
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23618
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23618.patch

Fixes: recursion.m3u8
Fixes: cEy2cxyyPaLH
Fixes: cd223e0b4e (Add Apple HTTP Live Streaming demuxer)
Found-by: BapToutatis


From 83401897d7fd7bb5ea032ec74cadee8931e4a9e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= <[email protected]>
Date: Sat, 27 Jun 2026 17:43:33 +0200
Subject: [PATCH] avformat/hls: reject Master Playlist tags in a Media Playlist
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes infinite loop on crafted HLS playlists.

Fixes: recursion.m3u8
Fixes: cEy2cxyyPaLH
Fixes: cd223e0b4e (Add Apple HTTP Live Streaming demuxer)
Found-by: BapToutatis
Signed-off-by: Kacper Michajłow <[email protected]>
---
 libavformat/hls.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/libavformat/hls.c b/libavformat/hls.c
index b3b8f3a80a..e76e68ed51 100644
--- a/libavformat/hls.c
+++ b/libavformat/hls.c
@@ -890,6 +890,12 @@ static int parse_playlist(HLSContext *c, const char *url,
     while (!avio_feof(in)) {
         ff_get_chomp_line(in, line, sizeof(line));
         if (av_strstart(line, "#EXT-X-STREAM-INF:", &ptr)) {
+            if (pls) {
+                av_log(c->ctx, AV_LOG_ERROR,
+                       "Master Playlist tag found in a Media Playlist\n");
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
             is_variant = 1;
             memset(&variant_info, 0, sizeof(variant_info));
             ff_parse_key_value(ptr, handle_variant_args, &variant_info);
@@ -909,6 +915,12 @@ static int parse_playlist(HLSContext *c, const char *url,
             av_strlcpy(key, info.uri, sizeof(key));
         } else if (av_strstart(line, "#EXT-X-MEDIA:", &ptr)) {
             struct rendition_info info = {{0}};
+            if (pls) {
+                av_log(c->ctx, AV_LOG_ERROR,
+                       "Master Playlist tag found in a Media Playlist\n");
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
             ff_parse_key_value(ptr, handle_rendition_args, &info);
             new_rendition(c, &info, url);
         } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", &ptr)) {
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to