These demuxers have probes that mainly probe based on file extension, and map to codec IDs that render text as video. The result is that ffmpeg will, by default, happily render, for example, .txt files as images. This is not exactly a good security practice, and only makes it easier for potential attackers to gain the contents of system files.
Disable building these by default.

Signed-off-by: Derek Buitenhuis <derek.buitenh...@gmail.com>
---
I've been hard disabling these at $dayjob for a long time, after some "interesting" upload attempts, but it should probably be done for everyone. I'm not overly attached to implementation details like the option name or whether it's done at build time or runtime, but I think the concept of "don't render arbitrary system text files" is an important one.
---
Changelog | 1 + configure | 7 +++++++ tests/fate.sh | 1 + 3 files changed, 9 insertions(+) diff --git a/Changelog b/Changelog index d442ced..e3f8e83 100644 --- a/Changelog +++ b/Changelog @@ -6,6 +6,7 @@ version <next>: - tmix filter - amplify filter - fftdnoiz filter +- unsafe demuxers that render text files now disabled by default version 4.0: diff --git a/configure b/configure index a1f13a7..2f2805e 100755 --- a/configure +++ b/configure @@ -107,6 +107,7 @@ Configuration options: --enable-small optimize for size instead of speed --disable-runtime-cpudetect disable detecting CPU capabilities at runtime (smaller binary) --enable-gray enable full grayscale support (slower color) + --enable-unsafe-demuxers enable unsafe-by-default demuxers --disable-swscale-alpha disable alpha channel support in swscale --disable-all disable building components, libraries and programs --disable-autodetect disable automatically detected external libraries [no] @@ -1784,6 +1785,7 @@ FEATURE_LIST=" small static swscale_alpha + unsafe_demuxers " LIBRARY_LIST=" @@ -3100,6 +3102,7 @@ videotoolbox_encoder_deps="videotoolbox VTCompressionSessionPrepareToEncodeFrame # demuxers / muxers ac3_demuxer_select="ac3_parser" +adf_demuxer_deps="unsafe_demuxers" aiff_muxer_select="iso_media" asf_demuxer_select="riffdec" asf_o_demuxer_select="riffdec" 
@@ -3107,6 +3110,7 @@ asf_muxer_select="riffenc" asf_stream_muxer_select="asf_muxer" avi_demuxer_select="iso_media riffdec exif" avi_muxer_select="riffenc" +bintext_demuxer_deps="unsafe_demuxers" caf_demuxer_select="iso_media riffdec" caf_muxer_select="iso_media" dash_muxer_select="mp4_muxer" @@ -3124,6 +3128,7 @@ flac_demuxer_select="flac_parser" hds_muxer_select="flv_muxer" hls_muxer_select="mpegts_muxer" hls_muxer_suggest="gcrypt openssl" +idf_demuxer_deps="unsafe_demuxers" image2_alias_pix_demuxer_select="image2_demuxer" image2_brender_pix_demuxer_select="image2_demuxer" ipod_muxer_select="mov_muxer" @@ -3167,6 +3172,7 @@ swf_demuxer_suggest="zlib" tak_demuxer_select="tak_parser" tg2_muxer_select="mov_muxer" tgp_muxer_select="mov_muxer" +tty_demuxer_deps="unsafe_demuxers" vobsub_demuxer_select="mpegps_demuxer" w64_demuxer_select="wav_demuxer" w64_muxer_select="wav_muxer" @@ -3176,6 +3182,7 @@ webm_muxer_select="iso_media riffenc" webm_dash_manifest_demuxer_select="matroska_demuxer" wtv_demuxer_select="mpegts_demuxer riffdec" wtv_muxer_select="mpegts_muxer riffenc" +xbin_demuxer_deps="unsafe_demuxers" xmv_demuxer_select="riffdec" xwma_demuxer_select="riffdec" diff --git a/tests/fate.sh b/tests/fate.sh index 0edee7f..6a99d66 100755 --- a/tests/fate.sh +++ b/tests/fate.sh @@ -49,6 +49,7 @@ configure()( --enable-gpl \ --enable-memory-poisoning \ --enable-avresample \ + --enable-unsafe-demuxers \ ${ignore_tests:+--ignore-tests="$ignore_tests"} \ ${arch:+--arch=$arch} \ ${cpu:+--cpu="$cpu"} \ -- 1.8.3.1
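Review bot: The Changelog entry ("unsafe demuxers that render text files now disabled by default") names neither the demuxers nor the switch that restores them. Someone whose build loses tty or xbin input will search the Changelog for those names, so I would list adf, bintext, idf, tty and xbin in the entry and mention --enable-unsafe-demuxers.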
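Review bot: In the configure help hunk (@@ -107,6 +107,7 @@), "enable unsafe-by-default demuxers" reads as if the demuxers are unsafe by default, when the change is that they are disabled by default. Suggest a description that says what they do, for example "enable demuxers that render text files as video (adf, bintext, idf, tty, xbin)", followed by a "[no]" default marker like the one on the --disable-autodetect line in the same block.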
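Review bot: The gated set is defined only by five separate _deps="unsafe_demuxers" lines (adf, bintext, idf, tty, xbin) scattered through the alphabetical demuxer section of configure, with no comment saying what qualifies a demuxer for it. A later demuxer that also renders text can be added without the dependency and nothing will flag it, so a short comment next to unsafe_demuxers in FEATURE_LIST stating the criterion from the commit message (extension-based probe, maps to a codec that renders text as video) would help. It is also not visible from these lines what a user gets when they request one of these demuxers explicitly without the new option; the commit message should say.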
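Review bot: In the tests/fate.sh hunk, --enable-unsafe-demuxers is added unconditionally to configure(), so every FATE instance builds with the option on and the new default configuration (these five demuxers absent) is never built or tested there. I would either leave fate.sh at the default and make sure the tests that need these demuxers are skipped when they are disabled, or pass the flag through a variable in the same ${var:+...} style as the ignore_tests, arch and cpu lines below it, so at least some instances cover the default build.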