On Wednesday 13 January 2016 18:14:16 Luca Barbato wrote: > concat can be abused to leak local file contents as url parameter.
I now managed to reproduce the problem, and indeed confirms that there is a real problem. However, this patch does not fix it because the issue is not specific to HLS. I would suggest either: 1) removing concat completely, or 2) ignoring the concat locator string, and passing the list of concatenated URIs through AV options (similarly to what VLC does). -- Rémi Denis-Courmont http://www.remlab.net/ _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
