[FFmpeg-devel] [PATCH v10 1/2] avformat/imf: Demuxer
Anton Khirnov
anton at khirnov.net
Tue Dec 14 12:31:26 EET 2021
Quoting pal at sandflow.com (2021-12-13 06:43:35)
> From: Pierre-Anthony Lemieux <pal at palemieux.com>
>
> Signed-off-by: Pierre-Anthony Lemieux <pal at palemieux.com>
> ---
>
> Notes:
> The IMF demuxer accepts as input an IMF CPL. The assets referenced by the CPL can be
> contained in multiple deliveries, each defined by an ASSETMAP file:
>
> ffmpeg -assetmaps <path of ASSETMAP1>,<path of ASSETMAP>,... -i <path of CPL>
>
> If -assetmaps is not specified, FFMPEG looks for a file called ASSETMAP.xml in the same directory as the CPL.
>
> EXAMPLE:
> ffmpeg -i http://ffmpeg-imf-samples-public.s3-website-us-west-1.amazonaws.com/countdown/CPL_f5095caa-f204-4e1c-8a84-7af48c7ae16b.xml out.mp4
>
> The Interoperable Master Format (IMF) is a file-based media format for the
> delivery and storage of professional audio-visual masters.
> An IMF Composition consists of an XML playlist (the Composition Playlist)
> and a collection of MXF files (the Track Files). The Composition Playlist (CPL)
As far as I can tell, nothing enforces that the files opened are
actually MXF. Perhaps that should be done. Otherwise I can imagine at
least the danger of recursion.
More generally, I am somewhat concerned about the security implications
of all this. From a brief glance at the patch, the demuxer just opens
whatever arbitrary URLs it finds in the asset maps. Have you considered
what undesirable effects (like information leaks) this might have?
--
Anton Khirnov
More information about the ffmpeg-devel
mailing list