[FFmpeg-devel] [RFC] CFHD

James Almer jamrial at gmail.com
Sun Apr 4 21:47:13 EEST 2021


On 4/4/2021 4:42 AM, Paul B Mahol wrote:
> On Sat, Apr 3, 2021 at 1:01 PM Anton Khirnov <anton at khirnov.net> wrote:
> 
>> Quoting Michael Niedermayer (2021-04-02 20:27:24)
>>> Hi all
>>>
>>> CFHD currently has even with all fixes (ignoring ones with objections)
>> applied a null pointer
>>> read and out of array write issue remaining.
>>>
>>> My patch which makes the header parsing more restrictive has an objection
>>> against it. and the only other developer who recently worked on it
>>> stated that he has no "time or motivation to deal with this and similar
>> issues"
>>
>> IMO any objection to a patch that does not include a clearly spelled out
>> reason for the objection and/or an alternative solution should be
>> ignored or regarded as spamming the ML. Especially when the patch
>> addresses crashes or other security issues.
>>
> 
> Nice, You also prefer non-really security fixes. Good job team.
> 
> I'm not going to repeat what I said about original patch(es).

Could you at least suggest what would be a proper fix?

The code can't be left like this, so something needs to be done. You 
disliked Michael's approach, so what's the alternative?


More information about the ffmpeg-devel mailing list