On Sat, Oct 25, 2014 at 05:43:00PM -0300, James Almer wrote: > On 25/10/14 4:51 PM, Michael Niedermayer wrote: > > diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h > > index eac3fc7..1000c80 100644 > > --- a/libavcodec/avcodec.h > > +++ b/libavcodec/avcodec.h > > @@ -3118,6 +3118,8 @@ typedef struct AVCodecContext { > > * If NULL then all are allowed > > * - encoding: unused > > * - decoding: set by user through AVOPtions (NO direct access) > > + * > > + * @see av_enable_strict_whitelists() > > */ > > char *codec_whitelist; > > } AVCodecContext; > > @@ -5240,6 +5242,21 @@ const AVCodecDescriptor > > *avcodec_descriptor_next(const AVCodecDescriptor *prev); > > const AVCodecDescriptor *avcodec_descriptor_get_by_name(const char *name); > > > > /** > > + * Enables strict whitelists, so that if no whitelist is set nothing will > > be > > + * allowed. > > + * This improves security because when some code forgets to set or forward > > + * the whitelists it will fail instead of allowing an attacker to access a > > + * larger codebase than intended/needed. > > + */ > > +void av_enable_strict_whitelists(void); > > + > > +/** > > + * returns non zero if strict whitelists are enabled. > > + * @see av_enable_strict_whitelists() > > + */ > > +int av_are_strict_whitelists_enabled(void); > > + > > +/** > > * @} > > */ > > How about > > av_codec_whitelist_strict_enable() av_codec_whitelist_strict_enabled() > av_codec_whitelist_enable_strict() av_codec_whitelist_enabled_strict() > av_strict_whitelist_enable() av_strict_whitelist_enabled()
these are typo prone, i mean will you spot this: (could easily happen with auto completion of words ...) av_codec_whitelist_strict_enabled(); // enabling strict whitelists avcodec_open(); [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB I know you won't believe me, but the highest form of Human Excellence is to question oneself and others. -- Socrates
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel