On 4/4/2021 4:42 AM, Paul B Mahol wrote:
On Sat, Apr 3, 2021 at 1:01 PM Anton Khirnov <an...@khirnov.net> wrote:
Quoting Michael Niedermayer (2021-04-02 20:27:24)
Hi all
CFHD currently has even with all fixes (ignoring ones with objections)
applied a null pointer
read and out of array write issue remaining.
My patch which makes the header parsing more restrictive has an objection
against it. and the only other developer who recently worked on it
stated that he has no "time or motivation to deal with this and similar
issues"
IMO any objection to a patch that does not include a clearly spelled out
reason for the objection and/or an alternative solution should be
ignored or regarded as spamming the ML. Especially when the patch
addresses crashes or other security issues.
Nice, You also prefer non-really security fixes. Good job team.
I'm not going to repeat what I said about original patch(es).
Could you at least suggest what would be a proper fix?
The code can't be left like this, so something needs to be done. You
disliked Michael's approach, so what's the alternative?
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
