[FFmpeg-devel] [RFC][PATCH] configure: Disable unsafe demuxers by default
Rostislav Pehlivanov
atomnuker at gmail.com
Fri May 11 02:21:37 EEST 2018
On 10 May 2018 at 23:27, Paul B Mahol <onemda at gmail.com> wrote:
> On 5/11/18, wm4 <nfxjfg at googlemail.com> wrote:
> > On Thu, 10 May 2018 16:44:59 +0100
> > Derek Buitenhuis <derek.buitenhuis at gmail.com> wrote:
> >
> >> These demuxers have probes that mainly probe based on file extension,
> >> and map to codec IDs that render text as video. The result is that
> >> ffmpeg will, by default, happily render, for example, .txt files
> >> as images. This is not exactly a good security practice, an only
> >> makes it easier for potential attackers to gain the contents of
> >> system files.
> >>
> >> Disable building these by default.
> >>
> >> Signed-off-by: Derek Buitenhuis <derek.buitenhuis at gmail.com>
> >> ---
> >
> > +1
> >
> > You should send a patch that disables all those useless game demuxers
> > too. They only cause security issues and bloated library sizes.
>
> Against.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
I agree with Paul, game demuxers are useful, don't bloat much and can be
fixed.
More information about the ffmpeg-devel
mailing list