[FFmpeg-cvslog] r12241 - trunk/libavformat/mov.c

Diego Biurrun diego
Wed Feb 27 23:19:20 CET 2008


On Wed, Feb 27, 2008 at 07:50:27PM +0100, Michael Niedermayer wrote:
> On Wed, Feb 27, 2008 at 02:10:54PM +0100, Baptiste Coudurier wrote:
> > 
> > Michael Niedermayer wrote:
> > > On Wed, Feb 27, 2008 at 01:04:17PM +0100, Reimar D?ffinger wrote:
> > >> On Wed, Feb 27, 2008 at 12:52:54PM +0100, Reimar D?ffinger wrote:
> > >>> On Wed, Feb 27, 2008 at 12:33:08PM +0100, Baptiste Coudurier wrote:
> > >>>> Now Im curious, considering mov layout and libavformat mechanisms, what
> > >>>> would you expect to leak or read, besides what the user application is
> > >>>> allowed to read anyway (url_fopen suceeds), and what would be different
> > >>>> than garbage from a genuine self-contained file.
> > >>> Do you really not get the point?
> > >> Or alternatively, am I the only one who sees any of these points as really
> > >> _critical_? I am sorry if I annoy you because I am completely at odds
> > >> with your opinions, but to me this kind of behaviour feels just as bad
> > >> as any buffer overflow, and I can't help that it is considered a feature
> > >> just drives me crazy.
> > > 
> > > I agree that the thing should be disabled by default.
> > > About the callback, honestly i dont mind either way, its simpler without
> > > a callback ...
> > 
> > Ok, Patch attached.
> 
> I also thought (like everyone else) that this would allow remote urls to be
> opened.

Somehow everybody seems to have thought that.  Most of this thread was a
big misunderstanding it seems :(

Diego




More information about the ffmpeg-cvslog mailing list