From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id DC25F461CE for ; Tue, 9 May 2023 07:35:22 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9FFBF68BF26; Tue, 9 May 2023 10:35:19 +0300 (EEST) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (unknown [40.107.8.131]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id AC3446806D7 for ; Tue, 9 May 2023 10:35:13 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Wvbd1tJ1YFiLzQ75Y9fyez3BkGOzrAGlGG2FWjHS1xh7gu14zEPrZpXNT1lnPxImisFjmEEeThJ/dMrWJucH0W3d+h85/zvDBgbNwGSfXV2W3Up1pjIQ1kPS6Va/vHXtykngkB5Lyy3P3HDYsK7n7EdqMoNKROMUGJJc4XP1J3Sp+3qkZLXx9lwMiaz2Lf23Cb8ZaT6Hn9aVueBKF1h9nvpaxjqTSv0QVmPi/bXVnsb2j7jSuV9maR73skApdt6yncaKGx5raTY+JJGCC8v2Naou72DY7e2FJSV5JdqyAnIL/c0zvq2qsn0O4vYcJFSYsDyOPunJbzaiKa3S7FIDlg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4ghcN9gAI8Y0fh+mzZsUnd9T6wMNC94DF9Nfg5EnEs8=; b=BRhmgx/YR5zRB5T3CYAl2QAWzGBE98mjj8I4yWmhnCUseNsMZwcSTxtvsnmDUTrZRlaNlcwV1fJs/kbcfATcn7eS+cry9BnbyyOj6pqE99WZI1mo0oIz9A7AxTeInWkSWZIFzHPS8l7HfSrgYIKwMfJBy7sAMfDhz40b+jrmloSNf+hD+r9bUhgcAd+Euq0qIGEaCF9exW9ceRd19yjTRlu1ATx0yDzDYo6WCrJhDlFan30mdIOFlCP4zSRhakC7JPQB9I7WWBQs5gadVBuFA7pc2egIcscghJ8gZ+tZWuwtOhVFjeqqMw2c/vJI3wcAxu9EkkCXeRIw5HJsLY5i6A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=noa-archive.com; dmarc=pass action=none header.from=noa-archive.com; dkim=pass header.d=noa-archive.com; arc=none Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=noa-archive.com; Received: from DB4PR09MB5847.eurprd09.prod.outlook.com (2603:10a6:10:38d::8) by AS2PR09MB6264.eurprd09.prod.outlook.com (2603:10a6:20b:5fb::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.33; Tue, 9 May 2023 07:35:12 +0000 Received: from DB4PR09MB5847.eurprd09.prod.outlook.com ([fe80::a335:55fa:f8e8:1f8f]) by DB4PR09MB5847.eurprd09.prod.outlook.com ([fe80::a335:55fa:f8e8:1f8f%8]) with mapi id 15.20.6363.032; Tue, 9 May 2023 07:35:11 +0000 Message-ID: <0a0beb48-1ba5-0c6c-ecd0-c574ef635513@noa-archive.com> Date: Tue, 9 May 2023 09:35:09 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Content-Language: en-US To: ffmpeg-devel@ffmpeg.org References: <20230506132503.9524-1-michael@niedermayer.cc> <20230508223508.GW1391451@pb2> <168361317605.3843.15085974109463921278@lain.khirnov.net> From: Tobias Rapp Organization: NOA GmbH In-Reply-To: <168361317605.3843.15085974109463921278@lain.khirnov.net> X-ClientProxiedBy: FR0P281CA0232.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:b2::16) To DB4PR09MB5847.eurprd09.prod.outlook.com (2603:10a6:10:38d::8) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB4PR09MB5847:EE_|AS2PR09MB6264:EE_ X-MS-Office365-Filtering-Correlation-Id: f915a5ed-5fb4-4ec4-26d0-08db505fec15 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: pz1311w3zZQEQwRynzGTCIqq1/GXXTwuYAsAu7mHL42BrnMloHVM1o/Emz9uasiwSzaWB3BLgZtzGmf6KMSCLnZI6ZEEa5xm4qyhtOE8aTlmxPkPLz02uV3yArADdIgGT8KDgw4q2x6WaYLyfwUbI/mX1kPRmb7znOgdsXoonn+iDA9EdwSk7ahw5gLU2wNb0FDb3kY52TIDTAhpZeFUpq1pYzMi7QTNpVpLWZGhY8doA/jtLWjProUEzFkRYMb5tlka0QJ01sHP0Os1lSpGh4+ukF10SYqeS8paUMDP2Fk37wO5BzonsSrZ42S5oTQWz9/UHgdz1oLi5zSdyAj/iAgV+8mcwWftTaLPolybbj8hTMZIcD7KXeYeBrPMukxTPuc2yhRO6BdWWB1X/GAhGgPOaLZy6mVUv5RaJnIH7jbTuueBlNMEenOSDo0Sg6elT4R75RHkSpbpKjtHTJmncYUQufP52AklRn/2UXHZPqBtxWicc+6GSjbAMyNMJFLdoWpFMpo9PUm4yGSvURp4vQIiFs6ZOX4pyHWyjlwSS495BZSiIOuhonMkvCqhNJYzpWOgonSUMeYbC6nE2a3bxCRMmTdrIg/y6IWedkK02W3xf6xfvBMtPuLxyzAhQi04rjpWIEO8wj/9IaZv2zKffw== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB4PR09MB5847.eurprd09.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(396003)(346002)(366004)(39830400003)(376002)(136003)(451199021)(31686004)(26005)(6506007)(6512007)(38100700002)(66556008)(66946007)(31696002)(86362001)(2906002)(6916009)(8676002)(316002)(53546011)(66476007)(41300700001)(8936002)(478600001)(5660300002)(83380400001)(2616005)(6486002)(36916002)(36756003)(186003)(45980500001)(43740500002); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?a0pGR3l6UkZLK1VYNnQ3Nm1YK2hITFplelZhaGU3eU1MeGlTc1pPbEFYYWJu?= =?utf-8?B?SzRyQnRJSEMxTHFWcmQ0dVpsSDkwUFYzTW5qb1pQR0p4TXdENjM1enN2elpU?= =?utf-8?B?MFJpd1JvQ29oaVd4ZUZBdCtKVEgzM3hjV1NrbDBjaDJaMkY2VFNCYUhUNlZE?= =?utf-8?B?djdLTmFPUmZxcXFIS2hxdlEvMjJIbjFjWW5ia2NXWFc1QjRQbXk4c2RFOHNs?= =?utf-8?B?L01ackJtYUc2T01wcVlRbTJUUkdKOVpiUENlS0NUNndUYTNGYnBFSFBmK3Y1?= =?utf-8?B?WWVTSnNEYWtEaUJvLzRUWnk4WkZhWnViMjVWTkx4R3JRSDZHZnpjQ20yTDRr?= =?utf-8?B?SVN1a1FWZFRwN1B1d1hRSVE3Ui82SXkrRHRrODlCKy9QQW04bjN0ZjdjWGNB?= =?utf-8?B?Q005ZkIweFhFZC9ySVVQY09OSlFrcUpBSXo2eit5UFFIQ0xMaFFlMW56dzZX?= =?utf-8?B?amJWblMza2MyMkxXU2cram95RDVHckd6Rmp1T0xEWko5dC91QjFUY0NhTU9i?= =?utf-8?B?RHJielh4bHJxcEdwKzAwVTByUHBHa2ppREFTekxSNmppQzV5WGJscmJ0akJa?= =?utf-8?B?MENZUmUzMlA4aEdNWE02SEI1UGNMRGtBejJEYlFybVNscUZhU09VV0d4WmFU?= =?utf-8?B?VFA0VDJkeW5naUZnSWVqRHBpODFjems4dlRxWTcrZVVxbE80eDRaOHl2VHJk?= =?utf-8?B?emZZeStKSlpGVVRXMzIxUlRheFUwV2g3RkZ2UGp6VzVhK0JEbndUS2hYMmN0?= =?utf-8?B?aFNqZHpzbEUwVW1oQzE3SURjcGhlWnZGYnk3TUpjZVBtdTlIOEJhRVB3SnBm?= =?utf-8?B?OTV1SHlUYVhjRzFZcWJLMWUzOElnNmNrcWtCTHMyakd6RW1NSUE3dEtvUEpO?= =?utf-8?B?dCsyRFV5bjVOcURpUHZxYjdtUERpcnI0SVhtY2ZacnF2TGVZWjZpSXltbVIw?= =?utf-8?B?ODhNRjlmWkNqektRTzhaNUNIbUpNc083NW8vOVV0WXBBM1BrUVMxTTFwcm5X?= =?utf-8?B?d1MxeS9JV1A2R3pocUdGR20zMzJRakRhc2FFWkxvSzgwa2lQTjRNV2tzMnJG?= =?utf-8?B?ME5wSDBLNnk4dDNNSGE0cE1Ra2gzcjQ1OEpSVTNlNU1CVURWc2pJNVpnMUZO?= =?utf-8?B?eVZuLzNzL0VUbTdWWG9OWUw3WERrZUl2a3dOcEkvTHhqYUQ5Qlh2VUpuSVpG?= =?utf-8?B?U1dXV0xXYmdtVTJwdHhVeEhsK1o0S2s1VS9pRk81eFFRWlR6NmJyM3hyTDA2?= =?utf-8?B?d1VJZVc3bDFWdWNxYmhEWGVhcUFwc1ZadWp2ZGJvZlFjbmVkYWJoTFdLb05y?= =?utf-8?B?b3JnRXJ4OXRKMUE3ZDJqb29xbmoyRERpakJGTjBwcnRhSkdTeGJNc1ZyZWN4?= =?utf-8?B?KzNQUnd3S0pmcXJTUDI1TEd4VFFCNTdncnFzRGFrNDIydTRKRGM5Q3cxR1Fw?= =?utf-8?B?R0NqZU51WDBMSXl3NFdmVndENkVKaE1OS1ZzWU0wcG9IZVFDVmNoZklqN1Y4?= =?utf-8?B?Ny9iMVRyaGM0WHc2ZGJPMGRTV2NOYVBlYlF5a1hxakJmcWhHZCtMZjYrTjJJ?= =?utf-8?B?bXFLNzdqa0lSaDBIWDk4MndyNGhkNEEwZkRKS09OSVRZV0J1SFkzTTBYQ3B3?= =?utf-8?B?VXNiZmxWMXQ1Z3c4bXJ6R2tSeWJoWlJ3OVZrVGJqc2ptL3VBTXlYZzI4cGhj?= =?utf-8?B?c3htOWN0M3JwUjk2djZWaDMvYTVKT2Nobmd3c21nb2ZSV1pxeCt4eUxjaklx?= =?utf-8?B?S2JsTTd5elNZMXZtM1JrZ3BOU05iVXhHNTFQYkl0TnJPSkd5Q2FiTTNxTldv?= =?utf-8?B?ZytqeGZzRjVnTmlYSHRmS2xRbDVjdzZibGovZDlPRHludXpsVzB0akYxK0w5?= =?utf-8?B?OWNIbWlJOW0rNzVXcUd1eXYwR2cyR3R1ZmxjR3VvM2xzQ21ERmx3R3hiNnUy?= =?utf-8?B?Q0RxZGMvQzdoV2pDQjBvSTBEOFdyRnp2ZHlMalNVbEkzbFBEUzVkcms0aGlB?= =?utf-8?B?eDdrZ2dWemFUdFFuYVpUcitSR2xsSUk5aW8rYUFLTHRwM240TlV0Q0MvdWt6?= =?utf-8?B?bk5Kdm9PMEU4Mjl1MGVjZTM2WDNnQ1NuYUVsWmtlUElkcUNBZFVXWXRIWmxK?= =?utf-8?B?Y2RUbzhGR2h2NmVpaEtUeFNlN21kWGo3UHNNWkhPTkpZM2VrQ1piNE5zVDhT?= =?utf-8?B?VGc9PQ==?= X-OriginatorOrg: noa-archive.com X-MS-Exchange-CrossTenant-Network-Message-Id: f915a5ed-5fb4-4ec4-26d0-08db505fec15 X-MS-Exchange-CrossTenant-AuthSource: DB4PR09MB5847.eurprd09.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 May 2023 07:35:11.7814 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: a676c8d7-7f39-4c99-a306-48abb76a98e9 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: rYhWKAU+xMSF6qz17TRpWjFyWftiZu8nFYYSWdldqi/RCDeCSXnMh9xbjcU/dEQrTChqST3u7PiSqQGWBgurqA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS2PR09MB6264 Subject: Re: [FFmpeg-devel] [PATCH 1/3] avformat/dashdec: fail on probing non mpd file extension X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 09/05/2023 08:19, Anton Khirnov wrote: > Quoting Michael Niedermayer (2023-05-09 00:35:08) >> On Mon, May 08, 2023 at 04:05:40PM +0200, Tobias Rapp wrote: >>> [...] >>> DASH is usually transferred over HTTP where file extensions are of minor >>> interest, the relevant type information is in the Mime-Type header. >> would anyone be opposed to return 0 from dash_probe() when >> both the mime_type and the extension are wrong ? > I would. > > probe() is for probing, not implementing security policies. IMO trying > to fix security issues at the wrong layer will only lead to more > confusion, more complexity, and LESS security. I agree that probing should be unrelated to the actual format selection policy. >> example: a crafted image.jpeg uploaded somewhere is played as dash. >> or am i missing something that would stop that ? The player application could exclude the dash format (and other playlist formats) from the format_whitelist I guess? The alternative for the player application if it doesn't need to depend on the system installation of FFmpeg libraries would be to exclude unwanted formats at compilation time. Regards, Tobias _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".