[FFmpeg-devel] [PATCH] lavfi/drawtext: add support for printing frame numbers

Stefano Sabatini stefasab at gmail.com
Thu Nov 22 12:49:00 CET 2012


On date Thursday 2012-11-22 12:22:59 +0100, Nicolas George encoded:
> On duodi 2 Frimaire, year CCXXI, Stefano Sabatini wrote:
> > + at item n
> > +The frame number, starting from 0. It can accept one argument: the
> > +printf() format to use for printing the number, if not specified it
> > +defaults to @code{%d}.
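
Review bot: the `n` item documents its argument as "the printf() format to use" without limiting which conversions are accepted, so as written any directive is allowed. State the accepted set in this paragraph (for example one integer conversion with optional flags and width) and have the implementation reject anything else before the string reaches a printf-family call.
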
> 
> Apart from the fact that it encourages people to use the frame number, which
> is wrong but is not actually a problem, I have two problems with this patch.
> 
> First, very minor, I find "n" way too short. "frameno"?

I like to keep it consistent with the "n" variable in the expression;
an alias like "frame_nb" or "frame_num" or "frameno" would be ok I think.

Note: printing the frame number is useful for several debugging reasons
(e.g. when transcoding).
 
> Second, more severe: format string vulnerability. Until now, a server can
> accept an arbitrary text, quote it or store it in a file, and feed it to
> drawtext: the worst that can happen is that the %{...} are malformed and
> drawtext will fail gracefully. With this change, %{n:%n}, for example, will
> cause a segfault, and a more carefully crafted format can lead to an
> exploit.
> 
> That is exactly the reason I did not implement the same feature for the
> "pts" function. At some point I intend to, but the format string needs to be
> sanitized somehow.

Well, at least we could deliver some control over the formatting,
through a custom format or additional params.

Patch updated.
-- 
FFmpeg = Foolish and Frightening Mythic Political Elected Gospel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-lavfi-drawtext-add-support-for-printing-frame-number.patch
Type: text/x-diff
Size: 2017 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20121122/881cf28f/attachment.bin>
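
One way to do the format-string sanitizing discussed in this thread, as an added example that is not part of the thread or of FFmpeg's code: an allow-list check that accepts only a single `%d`/`%i` conversion with optional flags, width and precision. The function names `frame_fmt_is_safe` and `format_frame_number`, the 3-digit width cap and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not FFmpeg code): accept only a format made of
 * exactly one integer conversion, "%[flags][width][.precision]{d,i}".
 * Rejects '*', length modifiers, %n, %s, literal text and a second '%'. */
static int frame_fmt_is_safe(const char *fmt)
{
    const char *p = fmt;
    int digits;

    if (*p++ != '%')
        return 0;
    while (*p && strchr("-+ 0", *p))               /* flags */
        p++;
    for (digits = 0; *p >= '0' && *p <= '9'; p++)  /* width, max 3 digits */
        if (++digits > 3)
            return 0;
    if (*p == '.') {                               /* precision, max 3 digits */
        p++;
        for (digits = 0; *p >= '0' && *p <= '9'; p++)
            if (++digits > 3)
                return 0;
    }
    if (*p != 'd' && *p != 'i')                    /* only int conversions */
        return 0;
    return p[1] == '\0';                           /* nothing may follow */
}

/* Format frame number n into buf. Returns -1 for a rejected format,
 * otherwise snprintf's result. A NULL fmt means the default "%d". */
static int format_frame_number(char *buf, size_t size, const char *fmt, int n)
{
    if (!fmt)
        fmt = "%d";
    if (!frame_fmt_is_safe(fmt))
        return -1;
    return snprintf(buf, size, fmt, n);
}

int main(void)
{
    /* Constructed sample arguments, as they might follow "n:" in %{n:...} */
    const char *samples[] = { "%d", "%05d", "%n", "%s", "%d%n", "%*d", "%ld" };
    char buf[32];
    for (size_t i = 0; i < sizeof(samples) / sizeof(*samples); i++) {
        int r = format_frame_number(buf, sizeof(buf), samples[i], 42);
        printf("%-6s -> %s\n", samples[i], r < 0 ? "(rejected)" : buf);
    }
    return 0;
}
```

Because the check runs before any printf-family call sees the string, a rejected argument can be reported the same way a malformed `%{...}` already is.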