[FFmpeg-devel] [PATCH 1/2] avcodec/wmv2dec: Check end of bitstream in parse_mb_skip() and ff_wmv2_decode_mb()
Michael Niedermayer
michael at niedermayer.cc
Mon Sep 18 03:15:21 EEST 2017
Hi
On Sun, Sep 17, 2017 at 04:16:13PM -0400, Ronald S. Bultje wrote:
> Hi,
>
> On Sat, Sep 16, 2017 at 8:42 PM, Michael Niedermayer <michael at niedermayer.cc
> > wrote:
>
> > + if (get_bits_left(&s->gb) < 0) {
> > + av_log(s->avctx, AV_LOG_ERROR,
> > + "Insufficient bits left at %d %d\n", s->mb_x, s->mb_y);
> > + return AVERROR_INVALIDDATA;
> > + }
>
>
> We've talked about this before, av_log(AV_LOG_ERROR) is not appropriate for
> such terse and unhelpful messages that really only apply to fuzz-broken
> files...
We talked about this before. And we disagree on almost everything
certainly the implied assumptions you repeat here.
Also i must say i really would prefer to work on the code without
these debates. I maintain the code in question here, can people not
just let me maintain the code ...
IIRC, previously you wanted "All" these error messages removed from
the binary. Your statement above now leaves it more wide open how to
resolve it
But if you still want them removed from the binary, then my reply is
still the same
Iam happy to follow what the community prefers.
I have seen no evidence that theres a majority preferring to remove
all error messages for errors that have been found by help of automated
fuzzers. Ive seen 3 or 4 people complaining about error messages and
ive seen people working on fixing security issues (not just me)
disagreeing when they where told to remove messages.
I may be wrong but i suspect the "hardline" total removal has
few people supporting it. Especially outside FFmpeg and the projects
surrounding it. Ive not seen this radical viewpoint elsewhere.
Detailed error messages are valuable
If OTOH what you suggest now (you did after all not state it clearly
in your reply) is litterally just changing away from a
terse av_log(AV_LOG_ERROR) message. I certainly can try to improve
the error message, make it clearer and more verbose.
Thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Never trust a computer, one day, it may think you are the virus. -- Compn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20170918/aa739fd1/attachment.sig>
More information about the ffmpeg-devel
mailing list