[FFmpeg-devel] [RFC][PATCH] configure: Disable unsafe demuxers by default

[Marton Balint]

On Thu, 10 May 2018, Derek Buitenhuis wrote:

> These demuxers have probes that mainly probe based on file extension,
> and map to codec IDs that render text as video. The result is that
> ffmpeg will, by default, happily render, for example, .txt files
> as images. This is not exactly a good security practice, an only
> makes it easier for potential attackers to gain the contents of
> system files.

Maybe it is better if we simply get rid of the "probing" part, so the user 
would have to explicitly specify the demuxer to use them.

Regards,
Marton