On Sat, 16 Jan 2016 14:22:21 +0100 Michael Niedermayer <mich...@niedermayer.cc> wrote:
> On Fri, Jan 15, 2016 at 05:03:49PM +0000, Derek Buitenhuis wrote: > > This feature is mostly only used by NLE software, and is > > both of dubious value being enabled by default, and a > > possible security risk. > > > > Signed-off-by: Derek Buitenhuis <derek.buitenh...@gmail.com> > > --- > > libavformat/isom.h | 1 + > > libavformat/mov.c | 22 +++++++++++++++++----- > > libavformat/version.h | 4 ++-- > > 3 files changed, 20 insertions(+), 7 deletions(-) > > i wonder if this should not be a generic option for all demuxers > or maybe a whitelist of what pathes are allowed to be opened, maybe > similar to the existing codec/format whitelists > > but thats not a objection to the dref option here ... > > [...] There's a AVFormatContext.open_cb callback, which an API user can use to decide whether opening a certain URL is fine. (Unfortunately, HLS doesn't use it, but mov does.) It might be fine to make opening as strict as possible (if that callback is not set, which can be used to override it). _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
