On 10/6/17, Michael Niedermayer <mich...@niedermayer.cc> wrote:
> On Fri, Oct 06, 2017 at 10:03:16AM -0400, Ronald S. Bultje wrote:
>> Hi,
>>
>> On Thu, Oct 5, 2017 at 7:52 PM, Michael Niedermayer
>> <mich...@niedermayer.cc>
>> wrote:
>>
>> > On Sat, Sep 30, 2017 at 03:51:41PM +0000, Ashish Singh wrote:
>> > > ffmpeg | branch: master | Ashish Singh <ashk43...@gmail.com> | Sat
>> > > Sep
>> > 16 02:35:58 2017 +0530| [148c8e88c43cfbabd6aee9f01ef30942cee9d359] |
>> > committer: Ronald S. Bultje
>> > >
>> > > avfilter: add vmafmotion filter
>> > >
>> > > Signed-off-by: Ashish Singh <ashk43...@gmail.com>
>> > > Signed-off-by: Ronald S. Bultje <rsbul...@gmail.com>
>> > >
>> > > > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=
>> > 148c8e88c43cfbabd6aee9f01ef30942cee9d359
>> > > ---
>> > >
>> > > Changelog | 1 +
>> > > doc/filters.texi | 14 ++
>> > > libavfilter/Makefile | 1 +
>> > > libavfilter/allfilters.c | 1 +
>> > > libavfilter/vf_vmafmotion.c | 365 ++++++++++++++++++++++++++++++
>> > ++++++++++++++
>> > > libavfilter/vmaf_motion.h | 58 +++++++
>> > > 6 files changed, 440 insertions(+)
>> > [...]
>> > > +static av_cold int init(AVFilterContext *ctx)
>> > > +{
>> > > + VMAFMotionContext *s = ctx->priv;
>> > > +
>> > > + if (s->stats_file_str) {
>> > > + if (!strcmp(s->stats_file_str, "-")) {
>> >
>> > > + s->stats_file = stdout;
>> >
>> > Using stdout can interfere with the user application using the filter
>> >
>> >
>> > > + } else {
>> >
>> > > + s->stats_file = fopen(s->stats_file_str, "w");
>> >
>> > Opening a filter parameter provided string for writing is a dangerous
>> > way to output data. It allows one with access to the parameters to
>> > overwrite any writable file
>> >
>> > data should only be output in a safe way
>> >
>>
>> The same mechanism is present in ssim/psnr filters. I'm open to any
>> alternative method you suggest. These are only settable using explicit
>> user
>> interaction (and are disabled by default) so I don't particularly see the
>> problem.
>
> With this a filter graph can never be taken from an untrusted source
>
> One filter that outputs statistics without writing to a user specified
> filename is libavfilter/af_astats.c

So what? Get over it.
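
Review bot: In the else branch of init(), `fopen(s->stats_file_str, "w")` opens a path taken directly from the filter option string and truncates it, so whoever supplies the filter graph text chooses which file the process overwrites, and the "-" branch above it writes to the process's own stdout, which the calling application may already use. Suggest reporting the statistics without a caller-supplied filename, the way libavfilter/af_astats.c (named in the thread) does, or restricting where a stats file may be created and refusing to replace an existing one. The quoted lines stop at the fopen() call, so also confirm that a NULL return is checked and makes init() fail with an error rather than leaving s->stats_file unset.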