[FFmpeg-devel] [RFC] CFHD
Paul B Mahol
onemda at gmail.com
Fri Apr 2 23:14:31 EEST 2021
On Fri, Apr 2, 2021 at 8:28 PM Michael Niedermayer <michael at niedermayer.cc>
wrote:
> Hi all
>
> CFHD currently has even with all fixes (ignoring ones with objections)
> applied a null pointer
> read and out of array write issue remaining.
>
> My patch which makes the header parsing more restrictive has an objection
> against it. and the only other developer who recently worked on it
> stated that he has no "time or motivation to deal with this and similar
> issues"
>
> Assuming no fix without objections is found. What do people prefer ?
> Delay the 4.4 release ?
> Apply all non objected fixes and mark CFHD as experimental ?
> Something else ?
>
Start fixing professionally security issues.
Am not going to do someone else job.
> Also if anyone wants to work on this, tell me & paul (so someone can send
> you
> the crashing testcases)
>
> I wouldnt mind working on this but my approach of makeing the header
> parser more restrictive and do it in a way that is easy to backport,
> is unpopular and is in fact possibly just the first step in fixing this
> if the objection didnt exist.
>
> So comments and input from other developers is definitly welcome here!
>
> Thanks
>
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Awnsering whenever a program halts or runs forever is
> On a turing machine, in general impossible (turings halting problem).
> On any real computer, always possible as a real computer has a finite
> number
> of states N, and will either halt in less than N cycles or never halt.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list