[FFmpeg-cvslog] r12241 - trunk/libavformat/mov.c
Reimar Döffinger
Reimar.Doeffinger
Wed Feb 27 15:17:28 CET 2008
> This by no means is a guarantee to be safe within your URLProtocol code,
> if you used register_protocol, one user could still very well exploit
> your code with commandline, and API, giving deliberatly wrong args.
Uh. "exploit your code with commandline" sounds to me almost like
calling "rm -rf /" a bash-exploit (yes, not quite the same I admit).
But anyway, no in e.g. the case of the old MPlayer code this was not
possible since _no user data at all_ was _ever_ passed to libavformat
code.
But apart from that, I had hoped that libavformat intended to allow
applications to implement and use their own stream layer with the
demuxers (without using register_protocol). I admit this was never
clearly stated either though...
Greetings,
Reimar D?ffinger
More information about the ffmpeg-cvslog
mailing list