[FFmpeg-user] ffmpeg 1.0.5 and buffer underflow - Update
Carl Eugen Hoyos
cehoyos at ag.or.at
Sat May 4 16:00:50 CEST 2013
Reindl Harald <h.reindl <at> thelounge.net> writes:
> who cares about 10% performance
It should be noted here that a 1% speed issue
is considered a severe issue in FFmpeg development.
(Or in other words: A 1% performance improvement is
generally seen as a very valuable contribution.)
> in case of more security?
No objection here, but I should repeat that you
should elaborate a bit on what kind of issues
can be avoided by the options.
> well, nobody said "make it default", but Carls attitude was
> "why do you not remove it" which is plain wrong
No, that is not my attitude, on the contrary:
If the relevant options fix some (theoretical) issues,
they should be made default (with an option to disable
them) or at least configurable.
If the options do not fix any (theoretical) issues
though, they should indeed be removed.
In any case, options that are not understood
should probably not be used.
> hence if i have a server where users can upload
> videos which are rpcoeeded in a cronjob i do not
> care about some % performance but i do care if
> someone exploits my machine with bad input
I hope you are compiling your executables with
increased assert-level set (this definitely fixed
some security issues in the past).
>
http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29
I like Wikipedia but it is typically not relevant
for technical discussions.
Carl Eugen
More information about the ffmpeg-user
mailing list