[FFmpeg-cvslog] r12241 - trunk/libavformat/mov.c

Baptiste Coudurier baptiste.coudurier
Wed Feb 27 13:02:25 CET 2008 

Reimar D?ffinger wrote:
> On Wed, Feb 27, 2008 at 12:33:08PM +0100, Baptiste Coudurier wrote:
>> Now Im curious, considering mov layout and libavformat mechanisms, what
>> would you expect to leak or read, besides what the user application is
>> allowed to read anyway (url_fopen suceeds), and what would be different
>> than garbage from a genuine self-contained file.
> 
> Do you really not get the point? You code allows the _container_ to
> cause a read, outside of any and all control of the _application_.

What's so different from playlist files accessing both http
streams/network devices and local files ? Except that playlist file
might be human readable.

Again, if you want a feature to explicitly disable external refs, this
can be possible, or disable by default and explicitly enable, this can
also be discussed. I'm in favor of enabling by default like you can see,
but I won't oppose to the majority.
Adding control is a good thing, yes.

> But ok, let us consider yet another scenario:
> A user has a file that contains a normal audio and video stream, which
> the user regularly watches.
> In addition, the file contains a extra audio stream that is reference to
> http://someplace.com/specialaudio.mov.
> Also consider the user is not in the middle of a modern country, but
> instead has dialup with a (for his location rather cheap) 1c/min
> internet dialup connection.
> With your current code, upon playing the file, ffplay will now open an
> internet connection, which in addition to making the file play really
> slow will cause the user costs of 1c for each minute he watches the
> video although he has no benefit at all and no reason to suspect
> anything (unless the modem makes audible sounds).
> Now I admit it is a rather stupid user for running auto-dialin on such a
> costy line, but I personally felt forced to do such setups for a
> company that could not get broadband at their location (and this is
> southern Germany, not some remote location), they would have been able
> to afford the connection running through a few days, but it would have
> been a waste of money still.

I do get this point very well, though this is the concept of the
feature, user having auto-dialup is IMHO out of the scope.

-- 
Baptiste COUDURIER                              GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A.                                    http://www.smartjog.com
Key fingerprint                 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312

More information about the ffmpeg-cvslog mailing list