[FFmpeg-user] ffmpeg 1.0.5 and buffer underflow - Update

Carl Eugen Hoyos cehoyos at ag.or.at
Sat May 4 16:00:50 CEST 2013


Reindl Harald <h.reindl <at> thelounge.net> writes:

> who cares about 10% performance

It should be noted here that a 1% speed issue 
is considered a severe issue in FFmpeg development.
(Or in other words: A 1% performance improvement is 
generally seen as a very valuable contribution.)

> in case of more security?

No objection here, but I should repeat that you 
should elaborate a bit on what kind of issues 
can be avoided by the options.

> well, nobody said "make it default", but Carls attitude was
> "why do you not remove it" which is plain wrong

No, that is not my attitude, on the contrary:
If the relevant options fix some (theoretical) issues, 
they should be made default (with an option to disable 
them) or at least configurable.
If the options do not fix any (theoretical) issues 
though, they should indeed be removed.

In any case, options that are not understood 
should probably not be used.

> hence if i have a server where users can upload 
> videos which are rpcoeeded in a cronjob i do not 
> care about some % performance but i do care if 
> someone exploits my machine with bad input

I hope you are compiling your executables with 
increased assert-level set (this definitely fixed 
some security issues in the past).

>
http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29

I like Wikipedia but it is typically not relevant 
for technical discussions.

Carl Eugen



More information about the ffmpeg-user mailing list