On 25/10/14 4:51 PM, Michael Niedermayer wrote: > diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h > index eac3fc7..1000c80 100644 > --- a/libavcodec/avcodec.h > +++ b/libavcodec/avcodec.h > @@ -3118,6 +3118,8 @@ typedef struct AVCodecContext { > * If NULL then all are allowed > * - encoding: unused > * - decoding: set by user through AVOPtions (NO direct access) > + * > + * @see av_enable_strict_whitelists() > */ > char *codec_whitelist; > } AVCodecContext; > @@ -5240,6 +5242,21 @@ const AVCodecDescriptor *avcodec_descriptor_next(const > AVCodecDescriptor *prev); > const AVCodecDescriptor *avcodec_descriptor_get_by_name(const char *name); > > /** > + * Enables strict whitelists, so that if no whitelist is set nothing will be > + * allowed. > + * This improves security because when some code forgets to set or forward > + * the whitelists it will fail instead of allowing an attacker to access a > + * larger codebase than intended/needed. > + */ > +void av_enable_strict_whitelists(void); > + > +/** > + * returns non zero if strict whitelists are enabled. > + * @see av_enable_strict_whitelists() > + */ > +int av_are_strict_whitelists_enabled(void); > + > +/** > * @} > */
How about av_codec_whitelist_strict_enable() av_codec_whitelist_strict_enabled() av_codec_whitelist_enable_strict() av_codec_whitelist_enabled_strict() av_strict_whitelist_enable() av_strict_whitelist_enabled() or similar, to make both names consistent? _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel