From patchwork Fri Aug 20 15:27:25 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nicolas George <george@nsup.org>
X-Patchwork-Id: 29645
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp1362503iov;
        Fri, 20 Aug 2021 08:27:43 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJynElundrqDkracvhDstAnfGs7vcX8oTxqugqSTcGscKNP8S03VYPcvX6d87roHT/+8FCez
X-Received: by 2002:a17:906:5e59:: with SMTP id
 b25mr22185000eju.492.1629473263127;
        Fri, 20 Aug 2021 08:27:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1629473263; cv=none;
        d=google.com; s=arc-20160816;
        b=jP4/cWDlf2tYtua7E+iEQp4RCD399kaomTz5ECF0C7o8iMx0d26MPqKEFXwpskLqpT
         quNl+4ffeQSG9PeMns/Gi80QKLf35doHiDnXDSm9AsL5Mir60A8nE8t2MBBKKAtpwkc4
         7bv/EMTtPYe847aomWHRssogu4OqVdMQXU0FZ5cXCOvhNCeLdxr1Mai8tOp5gzH/Rwj0
         5kQssr/gmzeC/S4PpNGtIZKNroRHLdLHsZAzo6qsU8oc3vlEfMnyaZ8KpZyypzF/akvY
         rX3N4qMZGPxvZlk+8XA9fO7avz2kWi/0JOE6Um+ys2N6Y4UjgdjBfMb26yEUZoMeqr1e
         kBng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:message-id:date:to:from
         :delivered-to;
        bh=HbmYspA8ngiu3KbLJHat3bzysIMLA5Y9zwLpAyL3cAk=;
        b=HOopioMvnV7sxTXi+2J52RG1B3gdpGmv2/s0SisKxWRKdz29TkfY9kLTV0iD0DDcU/
         +BsMBfPsVlWJumEZE9SdMdYZM0McpzcFWxRMQhj0cakvVvr67/b/BqxV4wfoKUKEXn6E
         zonPEua3DkmDCfE4CZtyFMfCxRzb13ILCUKMwbgE5YF4xnovJr+1ueFOXbrXDOTiMdHu
         Rx/aK4SlTM3vyJwKJrxfkfuLG0UvAgU/1zvmyWGdkvuxwzcg0eIC5fEMUMUhPgfrCPfy
         dWCG+AjyqQrOrWnc3yN6d5eq80dgQATidoBH0435GAg7LwzQDQfkUm6vIRfIdFzUr6cA
         Y+iw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 y21si6553242edq.281.2021.08.20.08.27.42;
        Fri, 20 Aug 2021 08:27:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0DCB368A15F;
	Fri, 20 Aug 2021 18:27:38 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from nef.ens.fr (nef2.ens.fr [129.199.96.40])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B910F680BBB
 for <ffmpeg-devel@ffmpeg.org>; Fri, 20 Aug 2021 18:27:31 +0300 (EEST)
X-ENS-nef-client: 129.199.129.80 ( name = phare.normalesup.org )
Received: from phare.normalesup.org (phare.normalesup.org [129.199.129.80])
 by nef.ens.fr (8.14.4/1.01.28121999) with ESMTP id 17KFRUYs009181
 for <ffmpeg-devel@ffmpeg.org>; Fri, 20 Aug 2021 17:27:31 +0200
Received: by phare.normalesup.org (Postfix, from userid 1001)
 id C0D62EB5BC; Fri, 20 Aug 2021 17:27:30 +0200 (CEST)
From: Nicolas George <george@nsup.org>
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 20 Aug 2021 17:27:25 +0200
Message-Id: <20210820152728.565116-1-george@nsup.org>
X-Mailer: git-send-email 2.32.0
MIME-Version: 1.0
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (nef.ens.fr [129.199.96.32]); Fri, 20 Aug 2021 17:27:31 +0200 (CEST)
Subject: [FFmpeg-devel] [PATCH 1/4] libavformat/concatdec: remove support
 for unsafe=-1
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: JhGQUpT5HLLk

It only makes sense as the default value,
but it is not the default since 689211d5727231c3fe92762d224dbadebdbf4e30.

Signed-off-by: Nicolas George <george@nsup.org>
---
 doc/demuxers.texi       | 9 +++------
 libavformat/concatdec.c | 6 ++----
 2 files changed, 5 insertions(+), 10 deletions(-)


Second patch updated with Andrea's comments.
Final patch removing the in-protocol option syntax withdrawn for now.
Other patches unchanged.
Will push soon.

diff --git a/doc/demuxers.texi b/doc/demuxers.texi
index 5b8cf1bfea..5f18e4551b 100644
--- a/doc/demuxers.texi
+++ b/doc/demuxers.texi
@@ -96,8 +96,7 @@ backslash or single quotes.
 All subsequent file-related directives apply to that file.
 
 @item @code{ffconcat version 1.0}
-Identify the script type and version. It also sets the @option{safe} option
-to 1 if it was -1.
+Identify the script type and version.
 
 To make FFmpeg recognize the format automatically, this directive must
 appear exactly as is (no extra space or byte-order-mark) on the very first
@@ -177,7 +176,8 @@ This demuxer accepts the following option:
 @table @option
 
 @item safe
-If set to 1, reject unsafe file paths. A file path is considered safe if it
+If set to 1, reject unsafe file paths and directives.
+A file path is considered safe if it
 does not contain a protocol specification and is relative and all components
 only contain characters from the portable character set (letters, digits,
 period, underscore and hyphen) and have no period at the beginning of a
@@ -187,9 +187,6 @@ If set to 0, any file name is accepted.
 
 The default is 1.
 
--1 is equivalent to 1 if the format was automatically
-probed and 0 otherwise.
-
 @item auto_convert
 If set to 1, try to perform automatic conversions on packet data to make the
 streams concatenable.
diff --git a/libavformat/concatdec.c b/libavformat/concatdec.c
index 934e9c02fc..ed6b9d8044 100644
--- a/libavformat/concatdec.c
+++ b/libavformat/concatdec.c
@@ -118,7 +118,7 @@ static int add_file(AVFormatContext *avf, char *filename, ConcatFile **rfile,
     size_t url_len;
     int ret;
 
-    if (cat->safe > 0 && !safe_filename(filename)) {
+    if (cat->safe && !safe_filename(filename)) {
         av_log(avf, AV_LOG_ERROR, "Unsafe file name '%s'\n", filename);
         FAIL(AVERROR(EPERM));
     }
@@ -476,8 +476,6 @@ static int concat_read_header(AVFormatContext *avf)
                 av_log(avf, AV_LOG_ERROR, "Line %d: invalid version\n", line);
                 FAIL(AVERROR_INVALIDDATA);
             }
-            if (cat->safe < 0)
-                cat->safe = 1;
         } else {
             av_log(avf, AV_LOG_ERROR, "Line %d: unknown keyword '%s'\n",
                    line, keyword);
@@ -757,7 +755,7 @@ static int concat_seek(AVFormatContext *avf, int stream,
 
 static const AVOption options[] = {
     { "safe", "enable safe mode",
-      OFFSET(safe), AV_OPT_TYPE_BOOL, {.i64 = 1}, -1, 1, DEC },
+      OFFSET(safe), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, DEC },
     { "auto_convert", "automatically convert bitstream format",
       OFFSET(auto_convert), AV_OPT_TYPE_BOOL, {.i64 = 1}, 0, 1, DEC },
     { "segment_time_metadata", "output file segment start time and duration as packet metadata",