From: "softworkz ." <softworkz-at-hotmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [FFmpeg-cvslog] fftools/graphprint: Now, make it a Killer-Feature!
Date: Fri, 16 May 2025 00:19:58 +0000
Message-ID: <BN0P223MB0358DBEABEA7E45637463E6FBA93A@BN0P223MB0358.NAMP223.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <CALweWgBH+XdfmPU2yqKZsMKSs-ge42h+F_0=BuUJH66fgg9Bxg@mail.gmail.com>
> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of Ramiro Polla
> Sent: Freitag, 16. Mai 2025 01:30
> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
> Subject: Re: [FFmpeg-devel] [FFmpeg-cvslog] fftools/graphprint: Now, make it a
> Killer-Feature!
>
> On Fri, May 16, 2025 at 1:04 AM softworkz .
> <softworkz-at-hotmail.com@ffmpeg.org> wrote:
> > > From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of Ramiro
> Polla
> > > Sent: Freitag, 16. Mai 2025 00:49
> [...]
> > > What about the user parsing the output from the cli, looking for a
> > > specific string (such as "graph file saved to [...]"), and opening
> > > that?
> >
> > How many user will do that? 0.00001% ? And that's not necessary anyway,
> > You can already do
> >
> > ffmpeg -print_graphs -print_graphs_format mermaidhtml -print_graphs_file
> x.html
> >
> > But when you need that, you don't remember what exactly you need to
> > specify, and look it up and change the file name on each run and
> > launch the browser manually, etc.
> >
> > The reason for the title of this commit is because of adding a highly useful
> > method to get insights into what ffmpeg is doing which everybody can
> > remember and quickly add to a command line without needing to jump through
> > any hoops.
>
> I understand that very few users will remember the proper invocation
> off the top of their heads.
>
> <ChatGPT>
> But at the same time, a malicious user crafting a script, wrapper, or
> even just pasting shell commands into a terminal can absolutely be
> expected to find and exploit any flaw we introduce, especially if it's
> a call to system() with file paths involved. So while the feature is
> aimed at convenience for a large group of users, it also creates a
> non-trivial risk vector that a very small number of malicious users
> could exploit in subtle and damaging ways. And historically, these are
> exactly the kind of paths that get targeted over time.
> </ChatGPT>
This is just bla bla.
Please explain how you believe this could be exploited.
Thanks
sw
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2025-05-16 0:20 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20250515211148.6C91C4128B8@natalya.videolan.org>
2025-05-15 21:50 ` Ramiro Polla
2025-05-15 21:59 ` softworkz .
2025-05-15 22:13 ` Ramiro Polla
2025-05-15 22:19 ` softworkz .
2025-05-15 22:33 ` softworkz .
2025-05-15 22:34 ` Mark Thompson
2025-05-15 22:43 ` softworkz .
2025-05-15 22:49 ` Ramiro Polla
2025-05-15 23:04 ` softworkz .
2025-05-15 23:29 ` Ramiro Polla
2025-05-16 0:19 ` softworkz . [this message]
2025-05-15 22:49 ` softworkz .
2025-05-24 15:54 ` Rémi Denis-Courmont
2025-05-25 10:50 ` softworkz .
2025-05-16 0:00 ` Marton Balint
2025-05-16 0:17 ` softworkz .
2025-05-16 0:27 ` James Almer
2025-05-16 0:32 ` softworkz .
2025-05-16 0:36 ` softworkz .
2025-05-16 0:39 ` James Almer
2025-05-16 0:45 ` Lynne
2025-05-16 0:59 ` softworkz .
2025-05-16 0:54 ` Michael Niedermayer
2025-05-16 1:26 ` softworkz .
2025-05-16 8:43 ` softworkz .
2025-05-16 9:41 ` softworkz .
2025-05-16 9:50 ` Nicolas George
2025-05-16 10:10 ` softworkz .
2025-05-16 11:10 ` Nicolas George
2025-05-16 11:49 ` Michael Niedermayer
2025-05-16 12:03 ` Nicolas George
2025-05-31 21:38 ` softworkz .
2025-05-16 13:42 ` softworkz .
2025-05-16 13:45 ` Nicolas George
2025-05-16 3:39 ` Romain Beauxis
2025-05-16 4:15 ` softworkz .
2025-05-16 5:06 ` softworkz .
2025-05-16 8:11 ` Marton Balint
2025-05-24 16:01 ` Rémi Denis-Courmont
2025-05-25 11:04 ` softworkz .
2025-05-15 21:53 ` James Almer
2025-05-15 21:58 ` softworkz .
2025-05-15 22:00 ` James Almer
2025-05-15 22:02 ` softworkz .
2025-05-16 2:06 ` softworkz .
2025-05-31 21:38 ` softworkz .
2025-05-16 6:22 ` Martin Storsjö
2025-05-16 6:40 ` softworkz .
2025-05-16 7:50 ` softworkz .
2025-05-16 8:13 ` Gyan Doshi
2025-05-16 8:19 ` softworkz .
2025-05-16 8:19 ` Martin Storsjö
2025-05-16 8:25 ` softworkz .
2025-05-16 8:50 ` Martin Storsjö
2025-05-16 8:55 ` softworkz .
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BN0P223MB0358DBEABEA7E45637463E6FBA93A@BN0P223MB0358.NAMP223.PROD.OUTLOOK.COM \
--to=softworkz-at-hotmail.com@ffmpeg.org \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git