[FFmpeg-devel] [PATCH v2] libavformat/vapoursynth: Update to API version 4, load library at runtime

Ramiro Polla ramiro.polla at gmail.com
Mon Jul 22 21:28:07 EEST 2024 

On Mon, Jul 22, 2024 at 4:01 PM Hendrik Leppkes <h.leppkes at gmail.com> wrote:
> On Mon, Jul 22, 2024 at 2:14 PM Ramiro Polla <ramiro.polla at gmail.com> wrote:
> > On Mon, Jul 22, 2024 at 12:15 AM Hendrik Leppkes <h.leppkes at gmail.com> wrote:
> > > On Mon, Jul 22, 2024 at 12:08 AM Stefan Oltmanns via ffmpeg-devel
> > > <ffmpeg-devel at ffmpeg.org> wrote:
> > > > Am 18.07.24 um 17:23 schrieb epirat07 at gmail.com:
> > > > >>> Well, the DLL directory is added to PATH by the VapourSynth installer,
> > > > >>> but for safety reasons ffmpeg explictly tells the LoadLibrary function
> > > > >>> to only search the application directory and system32, quote from
> > > > >>> w32dlfcn.h:
> > > > >>>
> > > > >>>> /**
> > > > >>>>   * Safe function used to open dynamic libs. This attempts to improve program security
> > > > >>>>   * by removing the current directory from the dll search path. Only dll's found in the
> > > > >>>>   * executable or system directory are allowed to be loaded.
> > > > >>>>   * @param name  The dynamic lib name.
> > > > >>>>   * @return A handle to the opened lib.
> > > > >>>>   */
> > > > >>> So ffmpeg prevents that solution on purpose. Or should that behavior be
> > > > >>> changed in the w32dlfcn.h?
> > > > >>
> > > > >> Oh, bummer. I would expect that overriding the PATH environment
> > > > >> variable would work kind of like how LD_LIBRARY_PATH works on Linux. I
> > > > >> don't know why that was changed. I don't really follow what goes on in
> > > > >> Windowsland anymore. Does anyone else care to comment on this? Martin,
> > > > >> maybe?
> > > > >
> > > > > IIRC this is done to prevent DLL injection attacks
> > > > >
> > > > > https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security
> > > > >
> > > >
> > > > So what's your proposal how to continue?
> > > >
> > > > I see different options with pros&cons:
> > > >
> > > >
> > > > 1.
> > > > Read the DLL path from registry, function for that could be located
> > > > outside the VapourSynth module.
> > > >
> > > > Pro: Safest method to protect from DLL-injection
> > > > Con: A lot of custom code/functionality for Windows
> > > >
> > >
> > > Relaxing security considerations to avoid a 10 line function seems not
> > > worth it to me. So go with actually finding the correct path.
> >
> > I would prefer changing w32dlfcn.h to allow loading DLLs from PATH.
> > Limiting to only the directory of the executable and system32 seems
> > too excessive to me. Removing the current working directory is more
> > understandable, but it's perfectly fine to expect PATH to be searched.
>
> This is common and largely expected DLL loading behavior on Windows.

I was surprised by this statement, but it seems that the expectations
on Windows have indeed changed over the last decade. I guess I've just
been away for too long...

Ramiro

More information about the ffmpeg-devel mailing list