[FFmpeg-cvslog] r12241 - trunk/libavformat/mov.c

Reimar Döffinger Reimar.Doeffinger
Wed Feb 27 13:24:02 CET 2008


On Wed, Feb 27, 2008 at 01:02:25PM +0100, Baptiste Coudurier wrote:
> Reimar Döffinger wrote:
> > On Wed, Feb 27, 2008 at 12:33:08PM +0100, Baptiste Coudurier wrote:
> >> Now I'm curious, considering mov layout and libavformat mechanisms, what
> >> would you expect to leak or read, besides what the user application is
> >> allowed to read anyway (url_fopen succeeds), and what would be different
> >> than garbage from a genuine self-contained file.
> > 
> > Do you really not get the point? Your code allows the _container_ to
> > cause a read, outside of any and all control of the _application_.
> 
> What's so different from playlist files accessing both http
> streams/network devices and local files? Except that playlist file
> might be human readable.

That lavf does not support playlists? And that someone doing e.g. a
youtube-clone with FFmpeg certainly would not add playlist parsing.
Whereas with this feature there is no choice.

> I do get this point very well, though this is the concept of the
> feature, user having auto-dialup is IMHO out of the scope.

It is not, a feature that might cause a user significant damage is
completely not justifiable to be enabled by default.
Though I might have to retract some of my points (not completely sure),
since : is replaced by /, is it even possible to have complete URIs in
there??



