oggenc: Don't assume the output path ends in a file name. (!7) · Merge requests · Xiph.Org / Vorbis tools

Merged Ralph Giles requested to merge pathseg into master 1 year ago

Apr 09, 2025

oggenc: Don't assume the output path ends in a file name. · 5bb47f58

Ralph Giles authored 1 year ago

oggenc attempts to create any specified directories in the output
file path if they don't exist. The parser was assuming there was
a final filename after the last directory separator, and so would
try to read off the end of the argument if it was a bare directory
such as `./` or `outdir/`. It also did not handle more than one
consecutive separator. This corrects both issues.

Thanks to Frank-Z7 (Zeng Yunxiang) at Huazhong University of Science
and Technology (cse.hust.edu.cn) for the report.

Fixes CVE-2023-43361.

5bb47f58

oggenc: Don't assume the output path ends in a file name.

Merge request reports

Activity