On Thu, Mar 09, 2017 at 12:16:09PM +0100, Nicolas George wrote:
> On nonidi 19 Ventôse, year CCXXV, Michael Niedermayer wrote:
> > This is very basic really but let's elaborate
> > for each side data type T
> > possibility A
> > nothing uses side data type T
> >
> > possibility B
> > something uses side data type T
> >
> > It's the same with a codec, either a codec is used in some case or
> > it's used in no case.
> >
> > If something is used in no case then it has been eliminated as you
> > describe.
> > If something is still used in a case it has not been eliminated
> >
> > If as you describe side data has been eliminated then you could
> > remove side data as a whole from the source code.
> >
> > If you cannot remove side data or a specific side data type from
> > the source code then it has not been eliminated
> >
> > your change removes one way for an attacker to set side data but
> > by the fact that you don't remove any of the side data types it's
> > clear you are aware of that every is still in use in some code path.
> >
> > an attacker may need to use a specific container format to set a
> > specific side data type or may depend on a specific demuxer lib or
> > application that allows him to set a side data type.
> >
> > now if you remove every way to set side data for an attacker then
> > you can remove that side data type as a whole from the code.
> > Of course that removes whatever the side data is for.
> >
> > Let me provide a specific example
> > If a container supports changing extradata mid stream it will either
> > be supported or not.
> > if any demuxer supports it then you have not eliminated the possibility
> > for an attacker
> >
> > I hope writing an elaborate reply will not lead to this discussion
> > to shift onto some unrelated detail
>
> You are rehashing a lot of obvious facts, but you do not address the
> important questions.

Yes, I was trying to clarify a reply that was apparently unclear and not
understood.
It's like
statement -> point out disagreement -> do not understand -> clarify and clarify -> "You are rehashing a lot of obvious facts"

Sorry if that felt off topic, it probably was

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Does the universe only have a finite lifespan? No, it's going to go on
forever, it's just that you won't like living in it. -- Hiranya Peiri
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel