X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2Fmov.c;h=1170dd489de7e9f234ef3633063114ed59b91819;hb=33a79e443b8611c8df4752373bc3322e85a03b1f;hp=438cffbd3473f2d96a61a9ce3fe5d2670fe014b0;hpb=8003816e1619e77d8de051883264aa090e0d78cc;p=ffmpeg

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 438cffbd347..1170dd489de 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2629,6 +2629,9 @@ static int mov_open_dref(AVIOContext **pb, const char *src, MOVDref *ref,
                 av_strlcat(filename, "../", sizeof(filename));
 
             av_strlcat(filename, ref->path + l + 1, sizeof(filename));
+            if (!use_absolute_path)
+                if(strstr(ref->path + l + 1, "..") || ref->nlvl_from > 1)
+                    return AVERROR(ENOENT);
 
             if (strlen(filename) + 1 == sizeof(filename))
                 return AVERROR(ENOENT);
@@ -3661,7 +3664,9 @@ static int mov_probe(AVProbeData *p)
                  AV_RB64(p->buf+offset + 8) == 0)) {
                 score = FFMAX(score, AVPROBE_SCORE_EXTENSION);
             } else if (tag == MKTAG('f','t','y','p') &&
-                       AV_RL32(p->buf + offset + 8) == MKTAG('j','p','2',' ')) {
+                       (   AV_RL32(p->buf + offset + 8) == MKTAG('j','p','2',' ')
+                        || AV_RL32(p->buf + offset + 8) == MKTAG('j','p','x',' ')
+                    )) {
                 score = FFMAX(score, 5);
             } else {
                 score = AVPROBE_SCORE_MAX;