[FFmpeg-devel] [PATCH] avformat/file: add fd protocol

Zhao Zhili quinkblack at foxmail.com
Mon Dec 12 19:23:52 EET 2022


On Mon, 2022-12-12 at 18:31 +0200, Rémi Denis-Courmont wrote:
> On Monday, 5 December 2022, 4.51.34 EET zhilizhao(赵志立) wrote:
> > > On Nov 19, 2022, at 02:48, Zhao Zhili <quinkblack at foxmail.com> wrote:
> > > 
> > > From: Zhao Zhili <zhilizhao at tencent.com>
> > > 
> > > Unlike the pipe protocol, the fd protocol has seek support if it
> > > corresponds to a regular file.
> > > ---
> > > Sometimes it's the only way to access files via file descriptor, e.g.,
> > > requesting a shared file on Android:
> > > https://developer.android.com/training/secure-file-sharing/request-file
> > > 
> > > doc/protocols.texi      | 24 +++++++++++++++++++
> > > libavformat/Makefile    |  1 +
> > > libavformat/file.c      | 51
> > > +++++++++++++++++++++++++++++++++++++++++
> > > libavformat/protocols.c |  1 +
> > > libavformat/version.h   |  4 ++--
> > > 5 files changed, 79 insertions(+), 2 deletions(-)
> > 
> > Ping for review.
> 
> VLC does this (with a slightly different syntax, i.e. fd://$NUM) and in
> hindsight, I think that it was a big mistake.
>
> It should not be possible to refer to an opaque handle from within the URL.
> This leads to all sorts of mischief, bordering on security issue, in the
> common case that the URL string is untrusted.

Could you elaborate on the security issue?

>
> To support this use case, IMO, the file descriptor should be passed explicitly
> via a trusted channel, *not* the URL.

Does an explicit option work here?

 static const AVOption pipe_options[] = {
     { "blocksize", "set I/O operation maximum block size",
offsetof(FileContext, blocksize), AV_OPT_TYPE_INT, { .i64 = INT_MAX },
1, INT_MAX, AV_OPT_FLAG_ENCODING_PARAM },
+    { "fd", "set file descriptor", offsetof(FileContext, fd),
AV_OPT_TYPE_INT, { .i64 = -1 }, -1, INT_MAX, AV_OPT_FLAG_ENCODING_PARAM
},
     { NULL }
 };
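
Review bot: the new "fd" entry is added to pipe_options, so any protocol that uses this table would accept it; if the pipe protocol still shares the table, consider a separate option table for the fd protocol so the option is only settable where it is meant to be. The help string "set file descriptor" also leaves out that -1 (the default) means unset and whether the protocol closes the descriptor or leaves it to the caller; both are worth stating here or in doc/protocols.texi.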

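The design discussed in this message, sketched as an added example (not code from the patch or from FFmpeg): the untrusted URL may only name the scheme, the descriptor arrives through a separate caller-set option, and seek support is enabled only for a regular file. The names `fd_input`, `fd_input_open` and `fd_input_close` are hypothetical.

```c
/* Added illustration; not FFmpeg code. All names here are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct fd_input {
    int fd;        /* private duplicate, closed by fd_input_close() */
    int seekable;  /* 1 only when the descriptor is a regular file */
};

/*
 * url:    untrusted string; must be exactly "fd:" (no number accepted here).
 * opt_fd: descriptor supplied by the calling code through an explicit option.
 * Returns 0 on success or a negative errno value.
 */
int fd_input_open(struct fd_input *in, const char *url, int opt_fd)
{
    struct stat st;

    in->fd = -1;
    in->seekable = 0;

    /* Refuse forms such as "fd://3" or "fd:3": the URL never selects a handle. */
    if (strcmp(url, "fd:") != 0)
        return -EINVAL;
    if (opt_fd < 0)
        return -EINVAL;               /* option was not set by the caller */
    if (fstat(opt_fd, &st) < 0)
        return -errno;                /* e.g. EBADF: not an open descriptor */

    /* Duplicate so closing our copy never closes the caller's descriptor. */
    in->fd = dup(opt_fd);
    if (in->fd < 0)
        return -errno;
    fcntl(in->fd, F_SETFD, FD_CLOEXEC);  /* keep the copy out of child processes */

    in->seekable = S_ISREG(st.st_mode) ? 1 : 0;
    return 0;
}

void fd_input_close(struct fd_input *in)
{
    if (in->fd >= 0)
        close(in->fd);
    in->fd = -1;
}
```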