[FFmpeg-devel] [PATCH 2/3] avformat: reject FFmpeg-style merged side data in raw packets

wm4 nfxjfg at googlemail.com
Thu Mar 9 13:31:34 EET 2017

On Thu, 9 Mar 2017 12:16:09 +0100
Nicolas George <george at nsup.org> wrote:

> Now, please answer this very specific question:
> If someone were to REMOVE ALL AND EVERY use of
> av_packet_merge_side_data() and av_packet_split_side_data(), what would
> be the actual bad consequences?

Simply that API users, which pass only the packet data itself from
libavformat to libavcodec, will break in cases where the side data is
"required". The argument is that such API users exist because they
cannot pass the AVPacket reference along, but have to go through their
own layers, which can transport only the raw packet data itself and
maybe timestamps.

> But before you start with fuzzing or anything similar, let me stop you:
> fuzzing exposes bugs that can be triggered by crafted inputs. If fuzzing
> can not trigger it, that means the bug does not exist, period.

I think the argument is that it's easier to fuzz side-data related
things if side data can be accidentally read from raw packets that look
like they have merged side data.

More information about the ffmpeg-devel mailing list