[FFmpeg-devel] [RFC][PATCH] configure: Disable unsafe demuxers by default

James Darnley james.darnley at gmail.com
Fri May 11 02:49:58 EEST 2018


On 2018-05-11 00:57, Derek Buitenhuis wrote:
>> Disabling demuxers by default does not seem to be a good idea to me.
> 
> So rendering arbitrary text files by default seems like a good idea in
> comparsion?

I want to argue some more so here you go: it isn't "by default".

It gets rendered because you asked for it to be rendered.  You asked for
/etc/passwd to be rendered so ffmpeg did that.  It produced a nice 4K
video of the file with all your secrets clearly legible in it.  Why do
you care?  Surely nobody will see it.  Surely you're not going to upload
this file to the public Internet.

I don't care that you do encode any random file that someone uploads to
you.  I don't care that you do put the results on the public net.  I do
care a little that ffmpeg understands playlist files but not in the same
way you do.  I do care a little that ffmpeg does so much magic for you
but not in the same way you do.

I haven't tried to stand in the way of other bad changes to ffmpeg (like
the fact that the flac muxer will now mux video streams) and I won't try
to stand in the way of this one.



More information about the ffmpeg-devel mailing list