[FFmpeg-devel] [RFC][PATCH] configure: Disable unsafe demuxers by default
nfxjfg at googlemail.com
Fri May 11 01:17:39 EEST 2018
On Thu, 10 May 2018 16:44:59 +0100
Derek Buitenhuis <derek.buitenhuis at gmail.com> wrote:
> These demuxers have probes that mainly probe based on file extension,
> and map to codec IDs that render text as video. The result is that
> ffmpeg will, by default, happily render, for example, .txt files
> as images. This is not exactly a good security practice, an only
> makes it easier for potential attackers to gain the contents of
> system files.
> Disable building these by default.
> Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
You should send a patch that disables all those useless game demuxers
too. They only cause security issues and bloated library sizes.
More information about the ffmpeg-devel