[FFmpeg-cvslog] r12241 - trunk/libavformat/mov.c
Baptiste Coudurier
baptiste.coudurier
Wed Feb 27 15:23:49 CET 2008
Reimar D?ffinger wrote:
>> This by no means is a guarantee to be safe within your URLProtocol code,
>> if you used register_protocol, one user could still very well exploit
>> your code with commandline, and API, giving deliberatly wrong args.
>
> Uh. "exploit your code with commandline" sounds to me almost like
> calling "rm -rf /" a bash-exploit (yes, not quite the same I admit).
> But anyway, no in e.g. the case of the old MPlayer code this was not
> possible since _no user data at all_ was _ever_ passed to libavformat
> code.
FFmpeg does at least. Mplayer is not the only application using libavformat.
> But apart from that, I had hoped that libavformat intended to allow
> applications to implement and use their own stream layer with the
> demuxers (without using register_protocol). I admit this was never
> clearly stated either though...
Of course, but asking to extend code to support this is clearly better
(I recon the usefulness) and more constructive than whining like you did.
--
Baptiste COUDURIER GnuPG Key Id: 0x5C1ABAAA
SMARTJOG S.A. http://www.smartjog.com
Key fingerprint 8D77134D20CC9220201FC5DB0AC9325C5C1ABAAA
Phone: +33 1 49966312
More information about the ffmpeg-cvslog
mailing list