[FFmpeg-devel] [PATCH v4] Unbreak av_malloc_max(0) API/ABI

Michael Niedermayer michael at niedermayer.cc
Wed Nov 4 11:51:08 EET 2020


On Tue, Nov 03, 2020 at 02:38:52PM +0100, Andreas Rheinhardt wrote:
> Timo Rothenpieler:
> > Given the multitude of recent serious security issues in Chromium-Based
> > Browsers, is this even still an issue?
> > Anything not up to date enough to have already been fixed has serious
> > security issues and should be updated ASAP, which also fixes this issue
> > in turn.
> > 
> > I'd rather see downstream users fix their stuff than introduce
> > workarounds for broken downstreams into ffmpeg.
> +1

I normally am in favor of helping downstreams but in this case
I think there is maybe some risk of adding code which could somehow
end up as part of an exploit.
Asking for a more restrictive limit should not disable the limit,
that feels a bit dangerous to me

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Take away the freedom of one citizen and you will be jailed, take away
the freedom of all citizens and you will be congratulated by your peers
in Parliament.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20201104/26b7343f/attachment.sig>


More information about the ffmpeg-devel mailing list