From 29c74b42b4f9edc6a197ee884d723f8901c8de97 Mon Sep 17 00:00:00 2001 From: wm4 Date: Sat, 4 Jan 2014 19:00:01 +0100 Subject: demux_subreader: reject file if not opened by --sub demux_subreader.c contains the old MPlayer subtitle parser, and I have absolutely no confidence in this (very crappy) code. There might be one or two security risks associated with running that code on arbitrary input. --- demux/demux.h | 1 + demux/demux_subreader.c | 3 +++ player/loadfile.c | 1 + 3 files changed, 5 insertions(+) diff --git a/demux/demux.h b/demux/demux.h index 7a663684f9..6f9437f2d3 100644 --- a/demux/demux.h +++ b/demux/demux.h @@ -152,6 +152,7 @@ struct demuxer_params { int matroska_wanted_segment; bool *matroska_was_valid; struct ass_library *ass_library; + bool expect_subtitle; }; typedef struct demuxer { diff --git a/demux/demux_subreader.c b/demux/demux_subreader.c index 6bb39c960d..1fa449d7f0 100644 --- a/demux/demux_subreader.c +++ b/demux/demux_subreader.c @@ -1337,6 +1337,9 @@ static int d_open_file(struct demuxer *demuxer, enum demux_check check) if (check > DEMUX_CHECK_REQUEST) return -1; + if (!demuxer->params || !demuxer->params->expect_subtitle) + return -1; + struct stream *ps = read_probe_stream(demuxer->stream, PROBE_SIZE); struct subreader sr; diff --git a/player/loadfile.c b/player/loadfile.c index 14faeb08c9..f35c63fa38 100644 --- a/player/loadfile.c +++ b/player/loadfile.c @@ -776,6 +776,7 @@ static struct track *open_external_file(struct MPContext *mpctx, char *filename, opts->stream_cache_seek_min_percent); struct demuxer_params params = { .ass_library = mpctx->ass_library, // demux_libass requires it + .expect_subtitle = filter == STREAM_SUB, }; struct demuxer *demuxer = demux_open(stream, demuxer_name, ¶ms, mpctx->global); -- cgit v1.2.3