metadata: privacy leak due to --no-metadata-network-access not being respected
--no-metadata-network-access is meant to prevent metadata from being fetched over the network, preventing privacy leaks when media is being played (among other perks).
Currently the flag is only respected when the actual metadata is searched for, but VLC will still allow art to be downloaded if the art-uri is present directly within the media being played.
Elaboration
There are multiple ways of generating a sample which includes artwork that requires network access, but just to demonstrate the flaw I decided to use an m3u (as it is more easily tampered with, and read).
/tmp/poc% ls
foo.m3u sample.mp3
/tmp/poc% cat foo.m3u
#EXTM3U
#EXTINF:1,...hello world
#EXTALBUMARTURL:http://atch.se/foo.png
/tmp/poc/sample.mp3
/tmp/poc% vlc -Irc foo.m3u --no-metadata-network-access
VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89)
Command Line Interface initialized. Type `help' for help.
[0000000002345a68] core playlist: stopping playback
[00007f86c8009da8] http access error: error: HTTP/1.1 404 Not Found
...
>
http://atch.se/foo.png is at the time of writing not available, which is why the http access yields 404 (though the connection is still, of course, established - which is the real issue).
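
A pre-flight check for the playlist case shown in this report, as an added example (not part of the ticket or of VLC's code): it lists every network URL an M3U file references, whether in a directive such as #EXTALBUMARTURL or as a media entry, so the file can be reviewed before it is opened. It goes slightly beyond the single directive in the report; the function names and the scheme list are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Assumption: schemes treated as "network" for this audit; extend as needed.
NETWORK_SCHEMES = {"http", "https", "ftp", "ftps", "sftp", "smb",
                   "rtsp", "rtmp", "rtp", "udp", "mms"}

# Matches "#EXTNAME:value" directive lines (e.g. #EXTALBUMARTURL:...).
DIRECTIVE = re.compile(r"^#(EXT[A-Z0-9-]*):(.*)$")


def _is_remote(value):
    """True if value parses as a URL whose scheme is in NETWORK_SCHEMES."""
    try:
        return urlparse(value.strip()).scheme.lower() in NETWORK_SCHEMES
    except ValueError:  # malformed URL (e.g. broken IPv6 literal)
        return False


def find_remote_references(playlist_text):
    """Return (line_no, kind, url) for each remote reference in an M3U playlist.

    kind is the directive name, or "ENTRY" for a media line.
    """
    findings = []
    for line_no, raw in enumerate(playlist_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            name, value = match.group(1), match.group(2).strip()
            if _is_remote(value):
                findings.append((line_no, name, value))
        elif not line.startswith("#") and _is_remote(line):
            findings.append((line_no, "ENTRY", line))
    return findings


# The playlist from the report above.
SAMPLE = """#EXTM3U
#EXTINF:1,...hello world
#EXTALBUMARTURL:http://atch.se/foo.png
/tmp/poc/sample.mp3
"""

if __name__ == "__main__":
    for line_no, kind, url in find_remote_references(SAMPLE):
        print(f"line {line_no}: {kind} -> {url}")
```

This only covers references written in the playlist text; art URIs embedded in the media file's own tags need a separate check.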