在 2024-11-12 06:34, Martin Storsjö 写道:
FYI, see https://github.com/msys2/MINGW-packages/issues/22462 where someone ran into issues caused by this.Also see https://ffmpeg.org/pipermail/ffmpeg-devel/2024-November/335936.html where someone else observes other issues related to this. (The description of the issue seems a bit inaccurate, so I tried to comment on it.)
After reading the first issue, it looks to me that they are attempting to take a UTF-8 string from command line and print it (?) somehow.
The security issue is actually about file names (path injection). I suspect there's no uniform way to satisfy everyone, as both code pages of the console and of the file APIs can be changed, which will happen too late, after the command line is parsed.
Probably we should not have terminated a process in case of lossy conversion... -- Best regards, LIU Hao
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mingw-w64-public mailing list Mingw-w64-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
