> -----Original Message----- > From: ffmpeg-devel <ffmpeg-devel-boun...@ffmpeg.org> On Behalf Of Ramiro Polla > Sent: Freitag, 16. Mai 2025 01:30 > To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> > Subject: Re: [FFmpeg-devel] [FFmpeg-cvslog] fftools/graphprint: Now, make it a > Killer-Feature! > > On Fri, May 16, 2025 at 1:04 AM softworkz . > <softworkz-at-hotmail....@ffmpeg.org> wrote: > > > From: ffmpeg-devel <ffmpeg-devel-boun...@ffmpeg.org> On Behalf Of Ramiro > Polla > > > Sent: Freitag, 16. Mai 2025 00:49 > [...] > > > What about the user parsing the output from the cli, looking for a > > > specific string (such as "graph file saved to [...]"), and opening > > > that? > > > > How many user will do that? 0.00001% ? And that's not necessary anyway, > > You can already do > > > > ffmpeg -print_graphs -print_graphs_format mermaidhtml -print_graphs_file > x.html > > > > But when you need that, you don't remember what exactly you need to > > specify, and look it up and change the file name on each run and > > launch the browser manually, etc. > > > > The reason for the title of this commit is because of adding a highly useful > > method to get insights into what ffmpeg is doing which everybody can > > remember and quickly add to a command line without needing to jump through > > any hoops. > > I understand that very few users will remember the proper invocation > off the top of their heads. > > <ChatGPT> > But at the same time, a malicious user crafting a script, wrapper, or > even just pasting shell commands into a terminal can absolutely be > expected to find and exploit any flaw we introduce, especially if it's > a call to system() with file paths involved. So while the feature is > aimed at convenience for a large group of users, it also creates a > non-trivial risk vector that a very small number of malicious users > could exploit in subtle and damaging ways. And historically, these are > exactly the kind of paths that get targeted over time. > </ChatGPT>
This is just bla bla. Please explain how you believe this could be exploited. Thanks sw _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
