nlvl_to and nlvl_from can be set to 1 if both alias and target files
are in the same directory, so actually check the first character of the
string.
---
libavformat/mov.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 5f577f3..f35f06d 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2300,7 +2300,7 @@ static int mov_open_dref(AVIOContext **pb, char *src,
MOVDref *ref,
{
/* try relative path, we do not try the absolute because it can leak
information about our
system to an attacker */
- if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
+ if (ref->nlvl_to > 0 && ref->nlvl_from > 0 && ref->path[0] != '/') {
char filename[1024];
char *src_path;
int i, l;
--
1.9.5 (Apple Git-50.3)
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
