[FFmpeg-devel] [PATCH] mov: Add an option to toggle dref opening
Marton Balint
cus at passwd.hu
Sat Jan 16 20:58:01 CET 2016
On Sat, 16 Jan 2016, wm4 wrote:
> On Sat, 16 Jan 2016 14:22:21 +0100
> Michael Niedermayer <michael at niedermayer.cc> wrote:
>
>> On Fri, Jan 15, 2016 at 05:03:49PM +0000, Derek Buitenhuis wrote:
>> > This feature is mostly only used by NLE software, and is
>> > both of dubious value being enabled by default, and a
>> > possible security risk.
>> >
>> > Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
>> > ---
>> > libavformat/isom.h | 1 +
>> > libavformat/mov.c | 22 +++++++++++++++++-----
>> > libavformat/version.h | 4 ++--
>> > 3 files changed, 20 insertions(+), 7 deletions(-)
>>
>> I wonder if this should not be a generic option for all demuxers
>> or maybe a whitelist of what paths are allowed to be opened, maybe
>> similar to the existing codec/format whitelists
>>
>> but that's not an objection to the dref option here ...
>>
>> [...]
>
> There's an AVFormatContext.open_cb callback, which an API user can use
> to decide whether opening a certain URL is fine. (Unfortunately, HLS
> doesn't use it, but mov does.)
>
> It might be fine to make opening as strict as possible (if that
> callback is not set, which can be used to override it).

CLI users are still going to need an option for it.

Regards,
Marton
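
The path whitelist idea raised in the quoted discussion, sketched as an added example that is not part of this thread or of FFmpeg's code: a default-deny check an application could apply to a file reference read from a container before opening it. The names `ref_allowed`, `has_scheme`, `has_dotdot` and `SAMPLE_ALLOW` are hypothetical, and the allowlist entries are constructed sample values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy helper, not an FFmpeg API. Constructed allowlist: */
static const char *const SAMPLE_ALLOW[] = { "media/", "proxies/" };

/* True if ref starts with a scheme or drive letter ("http:", "C:"). */
static bool has_scheme(const char *ref)
{
    const char *p = ref;
    while (*p && *p != '/' && *p != ':')
        p++;
    return *p == ':' && p != ref;
}

/* True if any '/'- or '\'-separated component of ref is "..". */
static bool has_dotdot(const char *ref)
{
    while (*ref) {
        size_t n = strcspn(ref, "/\\");
        if (n == 2 && ref[0] == '.' && ref[1] == '.')
            return true;
        ref += n;
        if (*ref)
            ref++;              /* skip the separator */
    }
    return false;
}

/* Allow ref only if it is a plain relative path below one of the
 * allowlisted directory prefixes (each prefix must end in '/'). */
bool ref_allowed(const char *ref, const char *const *allow, size_t n_allow)
{
    if (!ref || !*ref || ref[0] == '/' || ref[0] == '\\')
        return false;           /* empty or absolute path */
    if (has_scheme(ref) || has_dotdot(ref))
        return false;           /* URL, drive letter or traversal */
    for (size_t i = 0; i < n_allow; i++) {
        size_t len = strlen(allow[i]);
        if (len && allow[i][len - 1] == '/' &&
            !strncmp(ref, allow[i], len) && ref[len])
            return true;        /* names a file under an allowed prefix */
    }
    return false;               /* default deny */
}

int main(void)
{
    printf("%d %d\n", ref_allowed("media/clip01.mov", SAMPLE_ALLOW, 2),
           ref_allowed("media/../../etc/passwd", SAMPLE_ALLOW, 2));
    return 0;
}
```

The check is purely lexical, so it does not follow symbolic links; a caller that needs that guarantee would have to resolve the path before comparing it.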