concat with safe 0 don't work if another list is included

[jb_alvarado]

ffmpeg allows to include other lists in a concat file. For example:

ffconcat version 1.0

file 'd://stream/video.mkv'
duration 20.108000

file 'd://stream/concat2.list'

With the parameter -safe 0 it is possible to use unsafe paths/filenames. But only in the main list, not in the referenced list.

How to reproduce:

Write two file lists, with unsafe names, and put one list in the other.

ffmpeg command:

ffmpeg -safe 0 -i /d/stream/concat.list -f opengl "test"

ffmpeg output:

ffmpeg version N-83490-g79d232fc9f Copyright (c) 2000-2017 the FFmpeg developers
  built with gcc 6.3.0 (Rev1, Built by MSYS2 project)
  configuration:  --enable-avisynth --enable-gmp --enable-libmp3lame --enable-libopus --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265
--disable-w32threads --enable-decklink --enable-fontconfig --enable-libcaca --enable-libfreetype --enable-libfribidi --enable-libmfx --enable-libtwolame --
enable-libvidstab --enable-libzimg --enable-opencl --enable-opengl --enable-libfdk-aac --enable-librubberband --enable-libssh --enable-gpl --enable-version
3 --enable-nonfree --disable-debug
  libavutil      55. 46.100 / 55. 46.100
  libavcodec     57. 79.100 / 57. 79.100
  libavformat    57. 66.102 / 57. 66.102
  libavdevice    57.  2.100 / 57.  2.100
  libavfilter     6. 73.100 /  6. 73.100
  libswscale      4.  3.101 /  4.  3.101
  libswresample   2.  4.100 /  2.  4.100
  libpostproc    54.  2.100 / 54.  2.100
[matroska,webm @ 000001a1f63e3b00] Auto-inserting h264_mp4toannexb bitstream filter
Input #0, concat, from 'D:/stream/concat.list':
  Duration: N/A, start: 0.000000, bitrate: N/A
    Stream #0:0: Video: h264 (Main), yuv420p(progressive), 1024x576 [SAR 1:1 DAR 16:9], 25 fps, 25 tbr, 1k tbn, 50 tbc
    Metadata:
      BPS             : 623367
      BPS-eng         : 623367
      DURATION        : 00:00:20.000000000
      DURATION-eng    : 00:00:20.000000000
      NUMBER_OF_FRAMES: 500
      NUMBER_OF_FRAMES-eng: 500
      NUMBER_OF_BYTES : 1558419
      NUMBER_OF_BYTES-eng: 1558419
      _STATISTICS_WRITING_APP: mkvmerge v9.6.0 ('Slave To Your Mind') 64bit
      _STATISTICS_WRITING_APP-eng: mkvmerge v9.6.0 ('Slave To Your Mind') 64bit
      _STATISTICS_WRITING_DATE_UTC: 2016-12-14 17:20:46
      _STATISTICS_WRITING_DATE_UTC-eng: 2016-12-14 17:20:46
      _STATISTICS_TAGS: BPS DURATION NUMBER_OF_FRAMES NUMBER_OF_BYTES
      _STATISTICS_TAGS-eng: BPS DURATION NUMBER_OF_FRAMES NUMBER_OF_BYTES
    Stream #0:1: Audio: aac (LC), 44100 Hz, stereo, fltp
    Metadata:
      BPS             : 125591
      BPS-eng         : 125591
      DURATION        : 00:00:20.108000000
      DURATION-eng    : 00:00:20.108000000
      NUMBER_OF_FRAMES: 866
      NUMBER_OF_FRAMES-eng: 866
      NUMBER_OF_BYTES : 315674
      NUMBER_OF_BYTES-eng: 315674
      _STATISTICS_WRITING_APP: mkvmerge v9.6.0 ('Slave To Your Mind') 64bit
      _STATISTICS_WRITING_APP-eng: mkvmerge v9.6.0 ('Slave To Your Mind') 64bit
      _STATISTICS_WRITING_DATE_UTC: 2016-12-14 17:20:46
      _STATISTICS_WRITING_DATE_UTC-eng: 2016-12-14 17:20:46
      _STATISTICS_TAGS: BPS DURATION NUMBER_OF_FRAMES NUMBER_OF_BYTES
      _STATISTICS_TAGS-eng: BPS DURATION NUMBER_OF_FRAMES NUMBER_OF_BYTES
[opengl outdev @ 000001a1f63dad00] SDL driver: 'windows'.
Output #0, opengl, to 'test':
  Metadata:
    encoder         : Lavf57.66.102
    Stream #0:0: Video: rawvideo (I420 / 0x30323449), yuv420p, 1024x576 [SAR 1:1 DAR 16:9], q=2-31, 200 kb/s, 25 fps, 25 tbn, 25 tbc
    Metadata:
      BPS             : 623367
      BPS-eng         : 623367
      DURATION        : 00:00:20.000000000
      DURATION-eng    : 00:00:20.000000000
      NUMBER_OF_FRAMES: 500
      NUMBER_OF_FRAMES-eng: 500
      NUMBER_OF_BYTES : 1558419
      NUMBER_OF_BYTES-eng: 1558419
      _STATISTICS_WRITING_APP: mkvmerge v9.6.0 ('Slave To Your Mind') 64bit
      _STATISTICS_WRITING_APP-eng: mkvmerge v9.6.0 ('Slave To Your Mind') 64bit
      _STATISTICS_WRITING_DATE_UTC: 2016-12-14 17:20:46
      _STATISTICS_WRITING_DATE_UTC-eng: 2016-12-14 17:20:46
      _STATISTICS_TAGS: BPS DURATION NUMBER_OF_FRAMES NUMBER_OF_BYTES
      _STATISTICS_TAGS-eng: BPS DURATION NUMBER_OF_FRAMES NUMBER_OF_BYTES
      encoder         : Lavc57.79.100 rawvideo
Stream mapping:
  Stream #0:0 -> #0:0 (h264 (native) -> rawvideo (native))
Press [q] to stop, [?] for help
[concat @ 000001a1fd654d00] Unsafe file name 'Derrol Sawyer # Still With Thee # 02-13.mkv'
[concat @ 000001a1f63d28a0] Impossible to open 'd://stream/concat2.list'
D:/stream/concat.list: Operation not permitted
D:/stream/concat.list: I/O error
    Last message repeated 9 times
frame=  500 fps= 57 q=-0.0 Lsize=N/A time=00:00:20.00 bitrate=N/A speed=2.26x
video:432000kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB muxing overhead: unknown

[Carl Eugen Hoyos]

Your report seems to indicate that what you try was possible before -safe 1 was the default or would be possible if -safe 0 were the default: Is that so?
I thought the concat demuxer cannot be nested.

[jb_alvarado]

Not exactly, I didn't try this before. Since long it is described in the ffmpeg wiki page, but I never read it deeper and test it. For me it would be a very useful feature, because it makes it possible to edit a concat list, before it gets read.

Just for testing I command line 119 in concatdec.c, and compile ffmpeg. After that it would work, but of corse is not the solution. My programming skills are not good enough for a proper patch. I also can not see why safe 0 works in the main list and not in the nested one.

[jb_alvarado]

Ok here a another test.

Changing line 768:

OFFSET(safe), AV_OPT_TYPE_BOOL, {.i64 = 1}, -1, 1, DEC },

TO:

OFFSET(safe), AV_OPT_TYPE_BOOL, {.i64 = 0}, -1, 1, DEC },

Works also.

[Oh no]

Will ffmpeg team fix this bug instead of leaving it to us to patch it?

[Marton Balint]

This is not necessarily a bug, but a security feature. Maybe an additional mode for the safe option could cause the safe option to work recursively.

What you can do right now is to specify options in the ffconcat file which will be passed to the nested demuxer. So if you specify

option safe 0

for every nested ffconcat file, then it should work.