[FFmpeg-devel] [FFmpeg-cvslog] fftools/graphprint: Now, make it a Killer-Feature!
Ramiro Polla
ramiro.polla at gmail.com
Fri May 16 02:29:50 EEST 2025
On Fri, May 16, 2025 at 1:04 AM softworkz .
<softworkz-at-hotmail.com at ffmpeg.org> wrote:
> > From: ffmpeg-devel <ffmpeg-devel-bounces at ffmpeg.org> On Behalf Of Ramiro Polla
> > Sent: Freitag, 16. Mai 2025 00:49
[...]
> > What about the user parsing the output from the cli, looking for a
> > specific string (such as "graph file saved to [...]"), and opening
> > that?
>
> How many user will do that? 0.00001% ? And that's not necessary anyway,
> You can already do
>
> ffmpeg -print_graphs -print_graphs_format mermaidhtml -print_graphs_file x.html
>
> But when you need that, you don't remember what exactly you need to
> specify, and look it up and change the file name on each run and
> launch the browser manually, etc.
>
> The reason for the title of this commit is because of adding a highly useful
> method to get insights into what ffmpeg is doing which everybody can
> remember and quickly add to a command line without needing to jump through
> any hoops.
I understand that very few users will remember the proper invocation
off the top of their heads.
<ChatGPT>
But at the same time, a malicious user crafting a script, wrapper, or
even just pasting shell commands into a terminal can absolutely be
expected to find and exploit any flaw we introduce, especially if it's
a call to system() with file paths involved. So while the feature is
aimed at convenience for a large group of users, it also creates a
non-trivial risk vector that a very small number of malicious users
could exploit in subtle and damaging ways. And historically, these are
exactly the kind of paths that get targeted over time.
</ChatGPT>
I very much appreciate the filtergraph visualizations that you linked
to (it *is* really useful), but I just don’t think ffmpeg should try
to launch the browser for us.
Ramiro
More information about the ffmpeg-devel
mailing list