[MPlayer-users] MPlayer -embeddedfonts option with ASS/SSA subtitles

Ergzay ergzay at gmail.com
Sat Jan 20 21:51:57 CET 2007


On 2006/11/17, at 16:49, Evgeniy Stepanov wrote:

> On Friday 17 November 2006 18:44, Alexander Strange wrote:
>> On Nov 13, 2006, at 9:16 AM, Reimar Döffinger wrote:
>>> The (more or less) good reason is that it creates files on the system,
>>> and even worse, with arbitrary content and almost arbitrary (see also at
>>> the end) filename as defined by the media file.
>>> Those will also be processed by both fontconfig and freetype, which in
>>> the official windows build are linked statically, and with no one
>>> checking and updating that one in the case of security issues in any of
>>> these (same is true for other libs included, but they are not avoidable
>>> without dropping support completely).
>>> Furthermore I feel unable to guarantee that the file name check in ass.c,
>>> validate_fname will be correct and sufficient in all cases, on all
>>> operating systems.
>>
>> I think this is a very bad idea feature-wise, because -ass without
>> -embeddedfonts is pretty much almost as bad as no -ass for most of the
>> weird things people do.
>>
>> If you're worried about filename safety, why preserve names in the
>> first place? They don't matter to fontconfig that I know of.
>
> Indeed, SSA/ASS subtitles without custom fonts are very rare. Something
> needs to be done, at least a warning message saying something like "You are
> using -ass without -embeddedfonts, that's bad, you will not see any custom
> fonts this way".
>
> Filenames are not a problem, validity check could be made stronger by
> accepting only letters, numbers and a small number of other characters.
>
> There are definitely some security holes in freetype and fontconfig and
> using arbitrary font files is dangerous. But many subtitles are distributed
> separately from video files. They usually come with a .zip containing all
> required fonts. These fonts will be used even without -embedded-fonts. The
> truth is, the most dangerous option is not -embedded-fonts, but -ass.
>
> As a workaround for possible security issues with freetype/fontconfig, I
> suggest disabling font selection with an (imaginary) -ass-single-font option.
> Or deleting .mplayer/fonts and disabling -embedded-fonts.

So is this never going to get resolved? Just bringing this old topic 
back up to see if this can actually get something changed.

Ergzay
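
The two filename approaches raised in the quoted thread (a stricter allowlist check, and not preserving the attachment's name at all), sketched as an added example; this is not MPlayer's validate_fname or any code from ass.c. The function names, the 64-byte limit and the generated name pattern are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_FONT_NAME 64 /* assumed limit, not taken from MPlayer */

/* Returns 1 if a media-supplied font name is safe as a plain file name.
 * Allowlist: ASCII letters, digits, '_', '-', '.' (not first or last). */
int font_name_is_safe(const char *name)
{
    static const char *const reserved[] = { "con", "prn", "aux", "nul" };
    char stem[MAX_FONT_NAME + 1];
    size_t len, i, stem_len;

    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_FONT_NAME) return 0;
    if (name[0] == '.' || name[len - 1] == '.') return 0; /* "..", dotfiles */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c >= 0x80 || !(isalnum(c) || c == '_' || c == '-' || c == '.'))
            return 0; /* rejects '/', '\\', ':', spaces, controls, non-ASCII */
    }
    /* Windows device names match on the part before the first dot. */
    stem_len = strcspn(name, ".");
    for (i = 0; i < stem_len; i++)
        stem[i] = (char)tolower((unsigned char)name[i]);
    stem[stem_len] = '\0';
    for (i = 0; i < sizeof reserved / sizeof reserved[0]; i++)
        if (strcmp(stem, reserved[i]) == 0)
            return 0;
    if (stem_len == 4 && isdigit((unsigned char)stem[3]) &&
        (strncmp(stem, "com", 3) == 0 || strncmp(stem, "lpt", 3) == 0))
        return 0;
    return 1;
}

/* Alternative: ignore the supplied name and derive one from an index.
 * Returns 0 on success, -1 if the name does not fit in out. */
int font_name_generate(unsigned index, char *out, size_t out_size)
{
    int n = snprintf(out, out_size, "embedded_%04u.font", index);
    return (n < 0 || (size_t)n >= out_size) ? -1 : 0;
}

int main(void)
{
    printf("%d %d\n", font_name_is_safe("Arial-Bold_2.ttf"),
           font_name_is_safe("../../.bashrc")); /* constructed inputs */
    return 0;
}
```

Neither function addresses the other concern in the thread, that the font data itself is parsed by freetype and fontconfig.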



