[FFmpeg-devel] [RFC] Getting options from the file name
Reimar.Doeffinger at gmx.de
Thu Dec 29 19:07:10 CET 2011
On Thu, Dec 29, 2011 at 06:34:20PM +0100, Nicolas George wrote:
> On nonidi 9 Nivôse, year CCXX, Reimar Döffinger wrote:
> > If in general I am very sceptical about this, with the load of options
> > that exist I see a serious chance that this will open exploitable issues
> > in applications that read playlists from some (non-trustworthy) remote
> > location and pass those directly into ffmpeg/libavformat/...
> > Even if they are of the more thorough kind and do some basic validation
> > of the URLs they might not catch this new syntax.
> What kind of exploit do you have in mind? Demuxers and decoders do not have
> a lot of options, in fact, and most of them are there to set the sample rate
> or the frame size, or tweak some coefficients.
The problem is not just now, but also in the future.
For example, a sensible option I could see us wanting is whether to follow
redirects (whether on stream or demuxer level).
This will be really, really painful to use if such an option can then
be overridden again from the URL.
The main point is, I don't know. How sure are you there are no such
critical options and that we'll remember this when/if we add one such?
> OTOH, changing demuxer or decoder options should really not be a problem. Or
> else, the problem could probably also be triggered by specially crafted
I don't think there is/should be a relation between things that are set
via options and what can be caused by specially crafted files.