[FFmpeg-devel] [PATCHv3] On2 VP7 decoder

Clément Bœsch u at pkh.me
Sat Mar 29 10:13:35 CET 2014


On Sat, Mar 29, 2014 at 05:30:31AM +0100, Vittorio Giovara wrote:
> On Sat, Mar 29, 2014 at 5:18 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
> > On Fri, Mar 28, 2014 at 03:14:16AM +0100, Michael Niedermayer wrote:
> >> On Thu, Mar 27, 2014 at 12:16:36PM +0100, Vittorio Giovara wrote:
> >> > On Thu, Mar 27, 2014 at 5:01 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
> >> > > On Wed, Mar 26, 2014 at 04:37:43AM +0100, Vittorio Giovara wrote:
> >> > >>
> >> > >> Furthermore it introduces at least a possible NULL pointer
> >> > >> dereferences in vp7_decode_frame_header() when prev_frame is NULL.
> >> > >
> >> > > fixed
> >> > >
> >> >
> >> > You're welcome, it would be just nice if these kind of security
> >> > reports were bi-derectional.
> >>
> >> Iam not sure i understand your suggestion (or complaint if its meant
> >> as one)
> >
> > Hmm
> >
> > The security issue you reported on
> >    26 Mar 2014 04:37 +0100 (CET)
> > was reported by a FFmpeg developer as trac ticket 3500 on
> >    25 Mar 2014 20:58 +0100 (CET)
> > (dates taken from the mails)
> >
> > I just now realized that this ticket describes the same issue
> > In light of that, i can make even less sense of what you said.
> >
> > I might be missing something, and if so, someone please correct me but
> > Iam not aware of a security issue that was reported by libav to
> > ffmpeg (except above).
> 
> It's already 1 vs 0 ;)

No. We often raised bugs to Libav in the past. We were classified as troll
or ignored when that happened.

Regards,

[...]

-- 
Clément B.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20140329/cc1b33f4/attachment.asc>


More information about the ffmpeg-devel mailing list