PR #23618 opened by Kacper Michajłow (kasper93) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23618 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23618.patch
Fixes: recursion.m3u8 Fixes: cEy2cxyyPaLH Fixes: cd223e0b4e (Add Apple HTTP Live Streaming demuxer) Found-by: BapToutatis From 83401897d7fd7bb5ea032ec74cadee8931e4a9e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= <[email protected]> Date: Sat, 27 Jun 2026 17:43:33 +0200 Subject: [PATCH] avformat/hls: reject Master Playlist tags in a Media Playlist MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes infinite loop on crafted HLS playlists. Fixes: recursion.m3u8 Fixes: cEy2cxyyPaLH Fixes: cd223e0b4e (Add Apple HTTP Live Streaming demuxer) Found-by: BapToutatis Signed-off-by: Kacper Michajłow <[email protected]> --- libavformat/hls.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libavformat/hls.c b/libavformat/hls.c index b3b8f3a80a..e76e68ed51 100644 --- a/libavformat/hls.c +++ b/libavformat/hls.c @@ -890,6 +890,12 @@ static int parse_playlist(HLSContext *c, const char *url, while (!avio_feof(in)) { ff_get_chomp_line(in, line, sizeof(line)); if (av_strstart(line, "#EXT-X-STREAM-INF:", &ptr)) { + if (pls) { + av_log(c->ctx, AV_LOG_ERROR, + "Master Playlist tag found in a Media Playlist\n"); + ret = AVERROR_INVALIDDATA; + goto fail; + } is_variant = 1; memset(&variant_info, 0, sizeof(variant_info)); ff_parse_key_value(ptr, handle_variant_args, &variant_info); @@ -909,6 +915,12 @@ static int parse_playlist(HLSContext *c, const char *url, av_strlcpy(key, info.uri, sizeof(key)); } else if (av_strstart(line, "#EXT-X-MEDIA:", &ptr)) { struct rendition_info info = {{0}}; + if (pls) { + av_log(c->ctx, AV_LOG_ERROR, + "Master Playlist tag found in a Media Playlist\n"); + ret = AVERROR_INVALIDDATA; + goto fail; + } ff_parse_key_value(ptr, handle_rendition_args, &info); new_rendition(c, &info, url); } else if (av_strstart(line, "#EXT-X-TARGETDURATION:", &ptr)) { -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
