[FFmpeg-devel] [RFC][PATCH] configure: Disable unsafe demuxers by default

Paul B Mahol onemda at gmail.com
Fri May 11 01:27:38 EEST 2018

On 5/11/18, wm4 <nfxjfg at googlemail.com> wrote:
> On Thu, 10 May 2018 16:44:59 +0100
> Derek Buitenhuis <derek.buitenhuis at gmail.com> wrote:
>> These demuxers have probes that mainly probe based on file extension,
>> and map to codec IDs that render text as video. The result is that
>> ffmpeg will, by default, happily render, for example, .txt files
>> as images. This is not exactly a good security practice, an only
>> makes it easier for potential attackers to gain the contents of
>> system files.
>> Disable building these by default.
>> Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
>> ---
> +1
> You should send a patch that disables all those useless game demuxers
> too. They only cause security issues and bloated library sizes.


More information about the ffmpeg-devel mailing list