On 09/05/2023 08:19, Anton Khirnov wrote:
Quoting Michael Niedermayer (2023-05-09 00:35:08)
On Mon, May 08, 2023 at 04:05:40PM +0200, Tobias Rapp wrote:
[...]
DASH is usually transferred over HTTP where file extensions are of minor
interest, the relevant type information is in the Mime-Type header.
would anyone be opposed to return 0 from dash_probe() when
both the mime_type and the extension are wrong ?
I would.
probe() is for probing, not implementing security policies. IMO trying
to fix security issues at the wrong layer will only lead to more
confusion, more complexity, and LESS security.
I agree that probing should be unrelated to the actual format selection
policy.
example: a crafted image.jpeg uploaded somewhere is played as dash.
or am i missing something that would stop that ?
The player application could exclude the dash format (and other playlist
formats) from the format_whitelist I guess?
The alternative for the player application if it doesn't need to depend
on the system installation of FFmpeg libraries would be to exclude
unwanted formats at compilation time.
Regards, Tobias
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
