[FFmpeg-devel] [PATCH] avcodec: Require avoptions for the user to set max_pixels.
Nicolas George
george at nsup.org
Sun Dec 11 17:06:00 EET 2016
Le primidi 21 frimaire, an CCXXV, Michael Niedermayer a écrit :
> Its explained in the patch comment above
>
> max_pixels should to be backported as it allows users to control memory
> use from large images better, avoid some OOMs and fixes issues which
> some people consider security bugs
> if its backported it will not be in the same location relative to the
> start of AVCodecContext in master, 3.2, 3.1, 3.0
> master, 3.2, 3.1, 3.0 all have the same soname
> libs using the same soname need to be binary compatible
> direct access to one location will not work and thus be binary
> incompatible if the field is at a different location
I think this is a terrible reason to make the code needlessly more
complicated.
I do not know where this new hype of treating OOM as a security issue
comes from, but if we go in that direction it will take much more than a
few ill-thought options to fix it.
OOM is not a security issue. If people want to avoid it, let them use
their operating system's features. And if there are other security
issues that this is supposed to fix, document them before proposing a
shaky fix.
And please do not clutter the code for the years to come like that.
Regards,
--
Nicolas George
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161211/16774c30/attachment.sig>
More information about the ffmpeg-devel
mailing list