2019-01-17 22:58 GMT+01:00, Derek Buitenhuis <derek.buitenh...@gmail.com>:
> On 17/01/2019 03:06, Carl Eugen Hoyos wrote:
>> You mean searching for security issues makes no sense?
>
> This isn't a security and it isn't a fix. It's a completely
> arbitrary statistic to make an arbitrary program happy.

No, you are completely missing the point.
Possible security issues in this decoder will only be searched (and therefore found) if the decoder doesn't timeout quickly on damaged files. I assume this is the result of a (simple) cost-benefit analysis by the people running the fuzzing systems.

Nobody asks you to fix the issues, blocking them is an interesting concept security-wise.

Carl Eugen