On Fri, Apr 10, 2015 at 10:25 PM, Diego Biurrun <[email protected]> wrote: > On Tue, Apr 07, 2015 at 03:06:05PM +0200, Vittorio Giovara wrote: >> --- a/libavformat/mov.c >> +++ b/libavformat/mov.c >> @@ -2300,7 +2300,7 @@ static int mov_open_dref(AVIOContext **pb, char *src, >> MOVDref *ref, >> /* try relative path, we do not try the absolute because it can leak >> information about our >> system to an attacker */ >> - if (ref->nlvl_to > 0 && ref->nlvl_from > 0) { >> + if (ref->nlvl_to > 0 && ref->nlvl_from > 0 && ref->path[0] != '/') { > > Won't this work only on Unix? > > Diego
Afaik only UNIX style paths are stored in this atom. -- Vittorio _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
