On Tue, Sep 30, 2014 at 05:21:20PM +0200, Michael Niedermayer wrote: > > with no > > global mutable state. > > i disagree, applications that care about security must > restrict used entities globally, thus by definition want to change > global state. maybe not the way its done in this patch yes, ill > think about it and submit something better but > A security critical application does not want a mysterious unknown > library to load and use a unrestricted libavcodec behind its back > that would likely bypass the whole idea of restricting the decoders > and demuxers
In that case I would think you'd at very least want to completely thrash the description structs of all demuxers and decoders you do not want to use. Or at the very least overwrite the function pointers with 0s, trashing flags might slightly decrease security I guess. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
