On Tue, Sep 30, 2014 at 06:23:38PM +0200, wm4 wrote:
[...]
> But then you might as well create a better API, like a per
> AV(Codec/Format)Context whitelist of allowed codecs.

The goal is security, and for that it's necessary to ensure it cannot
easily or through plausible programming mistakes be circumvented.

If what you suggest here requires every codec lookup and every demuxer
lookup to check against a "local" whitelist, and requires this whitelist
to be passed around so that all libs have it, then this is quite easy to
mess up; only one such passing around or check has to be forgotten,
that's quite easy to happen.
But maybe I misunderstand what you meant.

We have code in libavformat that uses libavfilter,
we have code in libavfilter that uses libavformat+libavcodec.
We have ff_load_image(), we have src_movie, we have demuxers opening
other demuxers.
The lists would have to be passed through these and various other cases
without missing anything.

Making security depend on "none of this being missed" feels like
Russian roulette.

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
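
Added example, not part of the original message and not FFmpeg code: a toy C model of the failure mode the reply describes, where a per-context allowlist is silently lost at one nested open that forgets to pass it down. Every name (`Ctx`, `find_decoder`, `open_nested`, `try_open`, `global_allow`) is hypothetical, and the process-wide list checked inside the lookup is an assumed contrast, not a design proposed in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Toy model: every name here is hypothetical, none of it is FFmpeg API. */
typedef struct Ctx { const char *allow; } Ctx;  /* per-context list, NULL = no limit */
static const char *global_allow = NULL;         /* process-wide list, NULL = no limit */

/* Exact-match lookup of name in a comma-separated list. */
static int in_list(const char *list, const char *name) {
    size_t n = strlen(name);
    for (const char *p = list; p && *p; ) {
        const char *e = strchr(p, ',');
        size_t len = e ? (size_t)(e - p) : strlen(p);
        if (len == n && memcmp(p, name, n) == 0) return 1;
        p = e ? e + 1 : p + len;
    }
    return 0;
}

/* The one lookup every open ends up calling. */
static int find_decoder(const Ctx *c, const char *name) {
    if (global_allow && !in_list(global_allow, name)) return 0;
    if (c->allow && !in_list(c->allow, name)) return 0;
    return 1;
}

/* An outer context opening an inner one; propagate=0 models the one
 * call site that forgot to hand the caller's list down. */
static int open_nested(const Ctx *outer, const char *codec, int propagate) {
    Ctx inner = { propagate ? outer->allow : NULL };
    return find_decoder(&inner, codec);
}

/* Returns 1 if codec was opened through the nested path, 0 if refused. */
int try_open(const char *codec, int propagate, int use_global) {
    Ctx outer = { "h264,aac" };                 /* constructed sample policy */
    global_allow = use_global ? "h264,aac" : NULL;
    int opened = open_nested(&outer, codec, propagate);
    global_allow = NULL;
    return opened;
}

int main(void) {
    printf("per-context, propagated: tiff opened=%d\n", try_open("tiff", 1, 0));
    printf("per-context, forgotten:  tiff opened=%d\n", try_open("tiff", 0, 0));
    printf("global check, forgotten: tiff opened=%d\n", try_open("tiff", 0, 1));
    return 0;
}
```

With only the per-context list, the nested path that drops it opens a codec the caller excluded; with the check inside the shared lookup, the same forgotten hand-off is still refused.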