[MPlayer-users] playlist suggestion
Rich Felker
dalias at aerifal.cx
Tue May 1 04:13:56 CEST 2007
On Mon, Apr 30, 2007 at 08:22:57PM -0500, Joey Parrish wrote:
> On 4/30/07, RC <rcooley at spamcop.net> wrote:
> > On Mon, 30 Apr 2007 22:26:45 +0100
> > "Robert Parker" <theparkers.mailbox at gmail.com> wrote:
> >
> > > Why doesnt mplayer just recognise known file extensions as play list
> > > files ?
> >
> > Security.
> >
> > For something like a browser plug-in, where you have untrusted content,
> > I would suggest parsing the playlist with your own program, and giving
> > only the final result to MPlayer.
>
> Are the MPlayer playlist parsers inherently insecure? Is there a good
> reason not to fix them?
I disabled automatic playlist detection several years ago when I
caught it trying to parse unknown media files as playlists and then
segfaulting. Upon seeing the segfault, and knowing the previous
history of bad, insecure code in MPlayer and the amount of string
processing in a playlist handler, I basically deemed the code insecure
pending a thorough review/audit by someone who cares to take the time
to do it.
Nowadays I (try to) use mplayer-plugin on my laptop, and if someone
would actually do the audit and fix the playlist code so that it can
be trusted, I'd be happy too! I don't have the time to code/review
anything now though.
Rich
More information about the MPlayer-users
mailing list