[MPlayer-users] MPlayer -embeddedfonts option with ASS/SSA subtitles

Evgeniy Stepanov eugeni.stepanov at gmail.com
Mon Jan 22 15:06:45 CET 2007


On Saturday 20 January 2007 23:51, Ergzay wrote:
> On 2006/11/17, at 16:49, Evgeniy Stepanov wrote:
> > On Friday 17 November 2006 18:44, Alexander Strange wrote:
> >> On Nov 13, 2006, at 9:16 AM, Reimar Döffinger wrote:
> >>> The (more or less) good reason is that it creates files on the system,
> >>> and even worse, with arbitrary content and almost arbitrary (see also at
> >>> the end) filename as defined by the media file.
> >>> Those will also be processed by both fontconfig and freetype, which in
> >>> the official Windows build are linked statically, and with no one
> >>> checking and updating that one in the case of security issues in any of
> >>> these (same is true for other libs included, but they are not avoidable
> >>> without dropping support completely).
> >>> Furthermore I feel unable to guarantee that the file name check in ass.c,
> >>> validate_fname will be correct and sufficient in all cases, on all
> >>> operating systems.
> >>
> >> I think this is a very bad idea feature-wise, because -ass without
> >> -embeddedfonts is pretty much almost as bad as no -ass for most of the
> >> weird things people do.
> >>
> >> If you're worried about filename safety, why preserve names in the
> >> first place? They don't matter to fontconfig that I know of.
> >
> > Indeed, SSA/ASS subtitles without custom fonts are very rare. Something needs
> > to be done, at least a warning message saying something like "You are
> > using -ass without -embeddedfonts, that's bad, you will not see any custom
> > fonts this way".
> >
> > Filenames are not a problem, validity check could be made stronger by
> > accepting only letters, numbers and a small number of other characters.
> >
> > There are definitely some security holes in freetype and fontconfig and using
> > arbitrary font files is dangerous. But many subtitles are distributed
> > separately from video files. They usually come with a .zip containing all
> > required fonts. These fonts will be used even without -embedded-fonts. The
> > truth is, the most dangerous option is not -embedded-fonts, but -ass.
> >
> > As a workaround for possible security issues with freetype/fontconfig, I
> > suggest disabling font selection with an (imaginary) -ass-single-font option.
> > Or deleting .mplayer/fonts and disabling -embedded-fonts.
>
> So is this never going to get resolved? Just bringing this old topic
> back up to see if this can actually get something changed.

With fontconfig >= 2.4.2 -embeddedfonts is enabled by default. See the 
manpage.
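
The two filename ideas raised in the quoted thread (a stricter allowlist check, and not preserving the attachment's name at all), as an added example. This is not MPlayer's validate_fname or any code from ass.c; the function names, the 64-byte limit and the "embedded-NNNN.font" pattern are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FONT_NAME_MAX 64   /* assumed limit, not taken from MPlayer */

/* Windows device names, matched against the part before the first dot. */
static int is_reserved_device(const char *name)
{
    char stem[5] = {0};
    size_t n = strcspn(name, "."), i;

    if (n != 3 && n != 4)
        return 0;
    for (i = 0; i < n; i++)
        stem[i] = (char)toupper((unsigned char)name[i]);
    if (n == 3)
        return !strcmp(stem, "CON") || !strcmp(stem, "PRN") ||
               !strcmp(stem, "AUX") || !strcmp(stem, "NUL");
    return stem[3] >= '1' && stem[3] <= '9' &&
           (!strncmp(stem, "COM", 3) || !strncmp(stem, "LPT", 3));
}

/* Allowlist check: returns 1 only if the media-supplied name is a plain
 * file name built from ASCII letters, digits, '_', '-' and '.'. */
int font_name_is_safe(const char *name)
{
    size_t len = 0, i;

    if (name == NULL || (len = strlen(name)) == 0 || len > FONT_NAME_MAX)
        return 0;
    /* No hidden files, no "." or "..", no trailing dot (dropped by Windows). */
    if (name[0] == '.' || name[len - 1] == '.')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(c < 0x80 && isalnum(c)) && c != '_' && c != '-' && c != '.')
            return 0;   /* rejects '/', '\\', ':', control and non-ASCII bytes */
    }
    return !is_reserved_device(name);
}

/* Alternative: ignore the attachment's name and let the player choose one. */
int font_name_generated(unsigned index, char *out, size_t outsz)
{
    int n = snprintf(out, outsz, "embedded-%04u.font", index);
    return n > 0 && (size_t)n < outsz;   /* 0 if the buffer was too small */
}
```

Neither function addresses the other concern in the thread: the font data itself is still parsed by freetype and fontconfig.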