[FFmpeg-user] FFMPEg security question

Marton Balint cus at passwd.hu
Sun Jul 5 23:57:01 CEST 2015


On Sun, 5 Jul 2015, Carl Eugen Hoyos wrote:

> Dani A <danix4u-at-yahoo.com <at> ffmpeg.org> writes:
>
>> Now, how can I recompile ffmpeg again?
>
> If you cannot recompile, only changeroot was 
> a relevant tip for you.
>
>> Is there a specific program I can use to 
>> disable the non wanted functions?
>
> No, the configure script is sufficient.
>
> You can do things like:
> $ ./configure --disable-everything --enable-protocol=file 
> --enable-demuxer=avi --enable-decoder=ac3,mpeg4 
> --enable-parser=ac3,mpeg4 --enable-encoder=h26*,pcm* 
> --enable-muxer=matroska
>
>> Also, how can I use the codec_whitelist 
>> and the format_whitelist, are those 
>> switches to use with the ffmpeg command 
>> just as the -moveflags?
>
> No, whitelists are only useful if you are 
> using the libraries, not if you are using 
> the ffmpeg executable.

Are you sure? I think it has an effect on ffmpeg as well:

ffmpeg -codec_whitelist dummy -f lavfi -i 'aevalsrc=0:duration=10' dummy.wav

ffmpeg version 2.6.3 Copyright (c) 2000-2015 the FFmpeg developers
   built with gcc 4.8 (SUSE Linux)
   configuration: --shlibdir=/usr/lib64 --prefix=/usr 
--mandir=/usr/share/man --libdir=/usr/lib64 --enable-shared 
--disable-static --enable-debug --disable-stripping 
--extra-cflags='-fmessage-length=0 -grecord-gcc-switches -O2 -Wall 
-D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables 
-fasynchronous-unwind-tables -g' --enable-pic 
--optflags='-fmessage-length=0 -grecord-gcc-switches -O2 -Wall 
-D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables 
-fasynchronous-unwind-tables -g' --enable-gpl --enable-x11grab 
--enable-version3 --enable-pthreads --datadir=/usr/share/ffmpeg 
--enable-avfilter --enable-libpulse --enable-libwebp --enable-libvpx 
--enable-libopus --enable-libmp3lame --enable-libvorbis --enable-libtheora 
--enable-libspeex --enable-libxvid --enable-libx264 --enable-libx265 
--enable-libschroedinger --enable-libgsm --enable-libopencore-amrnb 
--enable-libopencore-amrwb --enable-postproc --enable-libdc1394 
--enable-librtmp --enable-libfreetype --enable-avresample 
--enable-libtwolame --enable-libvo-aacenc --enable-gnutls --enable-libass 
--enable-frei0r --enable-libcelt --enable-libcdio --enable-ladspa
   libavutil      54. 20.100 / 54. 20.100
   libavcodec     56. 26.100 / 56. 26.100
   libavformat    56. 25.101 / 56. 25.101
   libavdevice    56.  4.100 / 56.  4.100
   libavfilter     5. 11.102 /  5. 11.102
   libavresample   2.  1.  0 /  2.  1.  0
   libswscale      3.  1.101 /  3.  1.101
   libswresample   1.  1.100 /  1.  1.100
   libpostproc    53.  3.100 / 53.  3.100
[NULL @ 0x1114320] Codec (pcm_f64le) not on whitelist
Input #0, lavfi, from 'aevalsrc=0:duration=10':
   Duration: N/A, start: 0.000000, bitrate: N/A
     Stream #0:0: Audio: pcm_f64le, 44100 Hz, mono, dbl, 2822 kb/s
File 'dummy.wav' already exists. Overwrite ? [y/N] y
[pcm_f64le @ 0x111c3e0] Codec (pcm_f64le) not on whitelist
Output #0, wav, to 'dummy.wav':
     Stream #0:0: Audio: pcm_s16le, 44100 Hz, mono, s16, 705 kb/s
     Metadata:
       encoder         : Lavc56.26.100 pcm_s16le
Stream mapping:
   Stream #0:0 -> #0:0 (pcm_f64le (native) -> pcm_s16le (native))
Error while opening decoder for input stream #0:0 : Invalid argument

Regards,
Marton


More information about the ffmpeg-user mailing list