From b13642e115fc513cfd7de13953176bc1462cc3ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?=
Date: Wed, 10 Jul 2024 20:45:51 +0200
Subject: [PATCH] player/loadfile: prevent fuzzers from loading absolute directories

It's waste of time to load external files. And it is not deterministic. Note we still allow to load single files by name, but it is not a big deal.
---
 player/loadfile.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/player/loadfile.c b/player/loadfile.c
index 8247fd62a6..0705e13392 100644
--- a/player/loadfile.c
+++ b/player/loadfile.c
@@ -1212,6 +1212,18 @@ static void start_open(struct MPContext *mpctx, char *url, int url_flags,
     mpctx->open_url_flags = url_flags;
     mpctx->open_for_prefetch = for_prefetch && mpctx->opts->demuxer_thread;
 
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    // Don't allow to open local paths or stdin during fuzzing
+    bstr open_url = bstr0(mpctx->open_url);
+    if (bstr_startswith0(open_url, "/") ||
+        bstr_startswith0(open_url, "./") ||
+        bstr_equals0(open_url, "-"))
+    {
+        cancel_open(mpctx);
+        return;
+    }
+#endif
+
     if (mp_thread_create(&mpctx->open_thread, open_demux_thread, mpctx)) {
         cancel_open(mpctx);
         return;
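Review bot: The new denylist in start_open only catches URLs beginning with `/` or `./` or equal to `-`, so a fuzzer input such as `../x` or a `file://` URL still reaches the local filesystem through the open thread, which defeats the determinism goal stated in the commit message; `sub/dir` style relative paths are likewise let through, which goes further than the "single files by name" the message describes. A tighter condition would be `if (bstr_startswith0(open_url, "/") || bstr_startswith0(open_url, "./") || bstr_startswith0(open_url, "../") || bstr_startswith0(open_url, "file://") || bstr_equals0(open_url, "-"))`, assuming the stream layer in this build maps `file://` to a local open (I cannot confirm that from the hunk) and that protocol prefixes are matched case-sensitively here. The comment above the check would also read better as `// Refuse local paths and stdin while fuzzing: they are slow and non-deterministic`. start_open begins before and continues after this hunk, so whether `mpctx->open_url` is already set at this point is inferred from the surrounding assignments rather than visible.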