[MPlayer-users] MPlayer -embeddedfonts option with ASS/SSA subtitles
Evgeniy Stepanov
eugeni.stepanov at gmail.com
Fri Nov 17 22:49:17 CET 2006
On Friday 17 November 2006 18:44, Alexander Strange wrote:
> On Nov 13, 2006, at 9:16 AM, Reimar Döffinger wrote:
> > The (more or less) good reason is that it creates files on the system,
> > and even worse, with arbitrary content and almost arbitrary (see
> > also at
> > the end) filename as defined by the media file.
> > Those will also be processed by both fontconfig and freetype, which in
> > the official windows build are linked statically, and with noone
> > checking and updating that one in the case of security issues in
> > any of
> > these (same is true for other libs included, but they are not
> > avoidable
> > without dropping support completely).
> > Furthermore I feel unable to guarantee that the file name check in
> > ass.c,
> > validate_fname will be correct and sufficient in all cases, on all
> > operating systems.
>
> I think this is a very bad idea feature-wise, because -ass without -
> embeddedfonts is pretty much almost as bad as no -ass for most of the
> weird things people do.
>
> If you're worried about filename safety, why preserve names in the
> first place? They don't matter to fontconfig that I know of.
Indeed, SSA/ASS subtitles without custom fonts are very rare. Something needs
to be done, at least a warning message saying something like "You are
using -ass without -embeddedfonts, that's bad, you will not see any custom
fonts this way".
Filenames are not a problem, validity check could be made stronger by
accepting only letters, numbers and a small number of other characters.
There are deifinitely some security holes in freetype and fontconfig and using
arbitrary font files is dangerous. But many subtitles are distributed
separately from video files. They usually come with a .zip containing all
required fonts. This fonts will be used even without -embedded-fonts. The
truth is, the most dangerous option is not -embedded-fonts, but -ass.
As a workaround for possibly security issues with freetype/fontconfig, I
suggest disabling font selection with an (imaginary) -ass-single-font option.
Or deleting .mplayer/fonts and disabling -embedded-fonts.
More information about the MPlayer-users
mailing list