[FFmpeg-devel] [RFC] Shaping the AVTextFormat API Surface

[Rémi Denis-Courmont]

Le tiistaina 22. huhtikuuta 2025, 7.20.26 Itä-Euroopan kesäaika softworkz . a 
écrit :
> Hi Stefano, Andreas, Nicolas
> and of course, anybody who's interested in the AVTextFormat APIs,
> 
> 
> let me start by saying that I have no intention to rush the
> publicization of those APIs. I think there's still a way to go.
> But it's also true that when you don't have a clear understanding
> of where you actually want to go, you'll hardly arrive there.
> 
> At the implementation level, I sensed that "you" ("FFmpeg")
> are following some principles which are somewhat contradictive to
> those that I'm usually adhering to (e.g. "parameter validation
> being a responsibility of the call site, crashing otherwise
> being acceptable"). Nonetheless, I'm the one who has to adapt,
> and I'm not going to question that.

How do you validate parameters in C in the first place? Pointers are so 
pervasive (in general, as in FFmpeg), and essentially impossible to validate. 
How do you prevent crashing on invalid pointers?

I feel that what you think you are usually doing is not what you think that 
you are actually usually doing.

It makes sense to validate inputs if you are on a trust boundary and/or 
deserialising data. But that's about the only cases (and it's debatable if 
those aren't even two sides of the same coin).

-- 
ヅニ-クーモン・レミ
Hagalund ny stad, f.d. Finska republik Nylands