[FFmpeg-devel] [patch] allow wordexp globs in image2 file sequence import

Michael Niedermayer michaelni
Tue Jan 18 16:46:13 CET 2011


On Wed, Jan 12, 2011 at 04:35:50PM -0500, Brian Olson wrote:
> I'm getting discouraged that my patch will ever be accepted. Can anyone tell me what it will take to get someone to accept my patch?

fix it so it cant be exploited


> 
> On Jan 7, 2011, at 2:09 PM, Michael Niedermayer wrote:
> 
> > just dont do auto probing of this and require the user to forse the format
> > like img2_ext
> 
> It's not in read_probe(), that just checks the filename for ending with a dot-suffix of a known still image format, and checks that the filename has either a plain name, %d pattern or the characters that make up a wordexp pattern, but it doesn't call wordexp.

It doesnt matter where its selected, it must not be selected automatically if
it allows arbitrary code execution exploits

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20110118/47e2119e/attachment.pgp>



More information about the ffmpeg-devel mailing list