[FFmpeg-devel] [PATCH] mov: Add an option to toggle dref opening

Marton Balint cus at passwd.hu
Sat Jan 16 20:58:01 CET 2016


On Sat, 16 Jan 2016, wm4 wrote:
> On Sat, 16 Jan 2016 14:22:21 +0100
> Michael Niedermayer <michael at niedermayer.cc> wrote:
>
>> On Fri, Jan 15, 2016 at 05:03:49PM +0000, Derek Buitenhuis wrote:
>> > This feature is mostly only used by NLE software, and is
>> > both of dubious value being enabled by default, and a
>> > possible security risk.
>> > 
>> > Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
>> > ---
>> >  libavformat/isom.h    |  1 +
>> >  libavformat/mov.c     | 22 +++++++++++++++++-----
>> >  libavformat/version.h |  4 ++--
>> >  3 files changed, 20 insertions(+), 7 deletions(-) 
>> 
>> i wonder if this should not be a generic option for all demuxers
>> or maybe a whitelist of what pathes are allowed to be opened, maybe
>> similar to the existing codec/format whitelists
>> 
>> but thats not a objection to the dref option here ...
>> 
>> [...]
>
> There's a AVFormatContext.open_cb callback, which an API user can use
> to decide whether opening a certain URL is fine. (Unfortunately, HLS
> doesn't use it, but mov does.)
>
> It might be fine to make opening as strict as possible (if that
> callback is not set, which can be used to override it).

CLI users still going to need an option for it.

Regards,
Marton


More information about the ffmpeg-devel mailing list