From: Zhao Zhili
Signed-off-by: Zhao Zhili
---
configure | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/configure b/configure
index bb7be67676..7be98ed2ba 100755
--- a/configure
+++ b/configure
@@ -6661,7 +6661,8 @@ enabled libopenh264 && require_pkg_config
libopen
Michael Niedermayer 于2023年5月3日周三 20:30写道:
>
> Its unexpected that a .avi or other "standard" file turns into a playlist.
> The goal of this patch is to avoid this unexpected behavior and possible
> privacy or security differences.
>
> Signed-off-by: Michael Niedermayer
> ---
> libavformat/hls.c
On Wed, May 03, 2023 at 11:01:43PM +0200, Timo Rothenpieler wrote:
> On 03.05.2023 21:08, Michael Niedermayer wrote:
> > > > > A quick check for example shows that even something as simple as the
> > > > > HLS BBC Radio streams will fail _all_ checks, since the playlists are
> > > > > hosted on ano
Merged as 4b11a0755036..ad417eb5fa1
On Mon, 01 May 2023 17:02:59 +0200 Niklas Haas wrote:
> From: Niklas Haas
>
> In some circumstances, libplacebo will clear the background as a result
> of cropping/padding. Currently, this uses the hard-coded default fill
> color of black. This option makes t
On 03.05.2023 21:08, Michael Niedermayer wrote:
A quick check for example shows that even something as simple as the
HLS BBC Radio streams will fail _all_ checks, since the playlists are
hosted on another host entirely as the media, thanks to akamai live
streaming.
Playlist here, as an example:
h
Le keskiviikkona 3. toukokuuta 2023, 22.05.26 EEST Michael Niedermayer a écrit
:
> On Wed, May 03, 2023 at 07:07:09PM +0300, Rémi Denis-Courmont wrote:
> The difference is with a dodgy link its the web browser that has to protect
> the user. With a dodgy HLS file its ffmpeg that has to protect the
Hi,
Three years ago, I shared some brief thoughts about embedding the
documentation in the libraries. For example, that would allow GUI
applications to open help dialogs about specific options.
To see what it would need, I wrote the following header. I did not work
any further, because groundwo
On Wed, May 03, 2023 at 02:24:34PM +0200, Hendrik Leppkes wrote:
> On Wed, May 3, 2023 at 12:49 PM Michael Niedermayer
> wrote:
> >
> > On Wed, May 03, 2023 at 12:05:54PM +0200, Hendrik Leppkes wrote:
> > > On Tue, May 2, 2023 at 10:57 PM James Almer wrote:
> > > > >
> > > > > added
> > > > > +{"
On Wed, May 03, 2023 at 07:07:09PM +0300, Rémi Denis-Courmont wrote:
> Le keskiviikkona 3. toukokuuta 2023, 16.33.59 EEST Michael Niedermayer a
> écrit
> :
> > This patch was inspired by a report on ffmpeg-security about SSRF
> > (for which custom io_open() callback or soem sort of sandboxing/VM
Timo Rothenpieler (12023-05-01):
> Somewhat loosely related to this:
>
> A frequent issue is that it's entirely non-obvious which global libavcodec
> options a codec might make use of.
> Having a way to self-document that would be amazing, so those options show
> up in the --help output, ideally w
Diederick C. Niehorster (12023-05-01):
> +1.
Thanks.
> I assume a lot of the AVDocNode can be automatically populated from its
> corresponding option? We'd not want to maintain, e.g. option names and
> aliases in more than one place.
I cannot promise there will be no duplication at all, and
---
MAINTAINERS | 1 +
1 file changed, 1 insertion(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index 854ccc3fa4..f95be01dc6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -543,6 +543,7 @@ LoongArch Shiyou Yin
Mac OS X / PowerPC Romain Dolbeau, Guil
Le keskiviikkona 3. toukokuuta 2023, 16.33.59 EEST Michael Niedermayer a écrit
:
> This patch was inspired by a report on ffmpeg-security about SSRF
> (for which custom io_open() callback or soem sort of sandboxing/VM can be
> used to avoid it)
> The patch here was intended to explore if we can
Hi
On Wed, May 03, 2023 at 02:16:03PM +0300, Rémi Denis-Courmont wrote:
> Nit: different
fixed
>
> But is there an actual threat model whence it is necessary or even useful for
> a media framework to implement origin policies? On top of my head, this can
> be used by content providers to pre
Hi Anton,
Thanks for your feedback. Comments inline:
On Wed, May 3, 2023 at 5:20 AM Anton Khirnov wrote:
>
> Quoting Devin Heitmueller (2023-04-28 18:37:46)
> > +void ff_ccfifo_freep(AVCCFifo **ccf)
> > +{
> > +if (ccf && *ccf) {
>
> Don't check for ccf, it makes no sense to call this funct
v1 -> v2: Refactor using GetByteContext; Fix compile error.
v2 -> v3: Remove debug statement.
v3 -> v4: Squash commits.
v4 -> v5: Improve portability; Cosmetic changes.
v5 -> v6: remove unnecessary NULL checks.
This patch adds an MPEG Media Transport Protocol (MMTP) parser, as defined in
ISO/IEC
Its unexpected that a .avi or other "standard" file turns into a playlist.
The goal of this patch is to avoid this unexpected behavior and possible
privacy or security differences.
Signed-off-by: Michael Niedermayer
---
libavformat/hls.c | 10 +-
1 file changed, 9 insertions(+), 1 deleti
Sorry to revive an old thread, but I updated the patch for ffmpeg 6 and
this new patch should address the comments.
Still this is a libx264-only patch, and provides a means to specify
that only portions of the frame have changed from the previous one
while the others should be P_SKIP-ped.
More spe
On Wed, May 3, 2023 at 12:49 PM Michael Niedermayer
wrote:
>
> On Wed, May 03, 2023 at 12:05:54PM +0200, Hendrik Leppkes wrote:
> > On Tue, May 2, 2023 at 10:57 PM James Almer wrote:
> > > >
> > > > added
> > > > +{"same_none" , "same origin check off" , 0 ,
> > > > AV_OPT
Nit: different
But is there an actual threat model whence it is necessary or even useful for a
media framework to implement origin policies? On top of my head, this can be
used by content providers to prevent third parties from referencing their media
files... but that seems user-hostile; it do
On Wed, May 03, 2023 at 12:05:54PM +0200, Hendrik Leppkes wrote:
> On Tue, May 2, 2023 at 10:57 PM James Almer wrote:
> > >
> > > added
> > > +{"same_none" , "same origin check off" , 0 ,
> > > AV_OPT_TYPE_CONST, { .i64 = AVFMT_SAME_ORIGIN_CHECK_NONE }, 0, INT_MAX,
> > > D
On Tue, May 2, 2023 at 10:57 PM James Almer wrote:
> >
> > added
> > +{"same_none" , "same origin check off" , 0 ,
> > AV_OPT_TYPE_CONST, { .i64 = AVFMT_SAME_ORIGIN_CHECK_NONE }, 0, INT_MAX,
> > D|E, "same_origin"},
>
> "none" sounds more natural.
>
> >
> >
> >> And do we
Quoting Michael Niedermayer (2023-05-02 23:15:46)
> the problem with default-disabled is that the user needs to know
> 1. that the option exist
> 2. what the option does
> 3. what an attacker can do with such urls
> 4. that its not enabled by default
>
> OTOH if its enabled by default, the worst i
Quoting Michael Niedermayer (2023-05-02 21:36:31)
> TODO: bump minor version, add docs
>
> Signed-off-by: Michael Niedermayer
> ---
> libavformat/avformat.h | 10 ++
> libavformat/options.c | 29 +
> libavformat/options_table.h | 3 +++
> 3 files c
Quoting Devin Heitmueller (2023-04-28 18:37:46)
> +void ff_ccfifo_freep(AVCCFifo **ccf)
> +{
> +if (ccf && *ccf) {
Don't check for ccf, it makes no sense to call this function with
ccf==NULL, so silently ignoring it can hide bugs.
> +AVCCFifo *tmp = *ccf;
> +if (tmp->cc_608_fi
On Tue, May 2, 2023 at 10:48 PM Devin Heitmueller <
devin.heitmuel...@ltnglobal.com> wrote:
> Hi Lance,
>
> On Sun, Apr 30, 2023 at 7:01 PM Lance Wang wrote:
> > This implementation is limited to decklink SDI output only, If
> possible,
> > can we implement the function from demuxer layer, and
26 matches
Mail list logo