On Tue, Apr 07, 2015 at 03:06:05PM +0200, Vittorio Giovara wrote:
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -2300,7 +2300,7 @@ static int mov_open_dref(AVIOContext **pb, char *src,
> MOVDref *ref,
> /* try relative path, we do not try the absolute because it can leak
> information about our
> system to an attacker */
> - if (ref->nlvl_to > 0 && ref->nlvl_from > 0) {
> + if (ref->nlvl_to > 0 && ref->nlvl_from > 0 && ref->path[0] != '/') {
Won't this work only on Unix?
Diego
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
