[FFmpeg-devel] [RFC][PATCH] configure: Disable unsafe demuxers by default
Paul B Mahol
onemda at gmail.com
Fri May 11 01:27:38 EEST 2018
On 5/11/18, wm4 <nfxjfg at googlemail.com> wrote:
> On Thu, 10 May 2018 16:44:59 +0100
> Derek Buitenhuis <derek.buitenhuis at gmail.com> wrote:
>
>> These demuxers have probes that mainly probe based on file extension,
>> and map to codec IDs that render text as video. The result is that
>> ffmpeg will, by default, happily render, for example, .txt files
>> as images. This is not exactly a good security practice, an only
>> makes it easier for potential attackers to gain the contents of
>> system files.
>>
>> Disable building these by default.
>>
>> Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
>> ---
>
> +1
>
> You should send a patch that disables all those useless game demuxers
> too. They only cause security issues and bloated library sizes.
Against.
More information about the ffmpeg-devel
mailing list