[FFmpeg-devel] [PATCH] avcodec/fft_template: Fix multiple runtime error: signed integer overflow: -1943918714 - 1935113003 cannot be represented in type 'int'

wm4 nfxjfg at googlemail.com
Sun Jun 11 15:58:56 EEST 2017


On Sun, 11 Jun 2017 03:58:30 +0300
Ivan Kalvachev <ikalvachev at gmail.com> wrote:

> Of course, as an FFmpeg developer, it is your right to initiate a vote
> that would prevent Michael from trying to make FFmpeg more secure.
> He has always complied with official decisions.

Nothing but polemic nonsense intended to scare others into having your
way.

If our code is so tricky that nobody can understand it or the intention
behind code (like types being simultaneously signed and unsigned), it
won't have a positive influence on the security of the code.

If you really want to make code more secure, you should probably think
about making code _simpler_, not more complex.

> However, this might turn into a publicity nightmare,
> as the security community is known to overreact
> on certain topics.

That too. The security community in particular seems to be full of
individuals who will gladly misrepresent risks to get attention, and
companies doing the same to sell their "security" products.

