From 024c79a53cb4681fdf0c91ae5a37a709c255183d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?= <kasper93@gmail.com>
Date: Fri, 12 Jul 2024 13:05:48 +0200
Subject: [PATCH] demux_mf: don't run glob() on urls

Not intended to be run on urls. Fixes stack-overflow in glob() when
unexpected data is passed.

Found by OSS-Fuzz.
---
 demux/demux_mf.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/demux/demux_mf.c b/demux/demux_mf.c
index 7fac7af735..4711fb550c 100644
--- a/demux/demux_mf.c
+++ b/demux/demux_mf.c
@@ -119,7 +119,11 @@ static mf_t *open_mf_pattern(void *talloc_ctx, struct demuxer *d, char *filename
         goto exit_mf;
     }
 
-    size_t fname_avail = strlen(filename) + 32;
+    bstr bfilename = bstr0(filename);
+    if (mp_is_url(bfilename))
+        goto exit_mf;
+
+    size_t fname_avail = bfilename.len + 32;
     char *fname = talloc_size(mf, fname_avail);
 
 #if HAVE_GLOB