[FFmpeg-devel] [PATCH 3/3] avformat: add youtube-dl based demuxer

Reimar Döffinger Reimar.Doeffinger at gmx.de
Fri Apr 10 08:29:58 CEST 2015


On 08.04.2015, at 19:30, Hendrik Leppkes <h.leppkes at gmail.com> wrote:
> On Wed, Apr 8, 2015 at 7:27 PM, Gilles Chanteperdrix
> <gilles.chanteperdrix at xenomai.org> wrote:
>> 
>>> Nice security hole.
>> 
>> how is that ? I do not see any buffer overflow possible.
>> 
> 
> Executing a command with system() is very unsafe.

These kind of issues are btw. one of the reasons that from my point of view speak for having such functionality in FFmpeg
If you leave it to the applications, at least half of them will have such security holes.
I admit that I can understand people being nervous about such code in FFmpeg though...


More information about the ffmpeg-devel mailing list