[FFmpeg-devel] [RFC] CFHD

Michael Niedermayer michael at niedermayer.cc
Fri Apr 2 21:27:24 EEST 2021


Hi all

CFHD currently has even with all fixes (ignoring ones with objections) applied a null pointer
read and out of array write issue remaining.

My patch which makes the header parsing more restrictive has an objection
against it. and the only other developer who recently worked on it
stated that he has no "time or motivation to deal with this and similar issues"

Assuming no fix without objections is found. What do people prefer ?
Delay the 4.4 release ?
Apply all non objected fixes and mark CFHD as experimental ?
Something else ?

Also if anyone wants to work on this, tell me & paul (so someone can send you
the crashing testcases)

I wouldnt mind working on this but my approach of makeing the header
parser more restrictive and do it in a way that is easy to backport,
is unpopular and is in fact possibly just the first step in fixing this
if the objection didnt exist. 

So comments and input from other developers is definitly welcome here!

Thanks

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Awnsering whenever a program halts or runs forever is
On a turing machine, in general impossible (turings halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20210402/4dd9b0d6/attachment.sig>


More information about the ffmpeg-devel mailing list