[FFmpeg-devel] [PATCH] avcodec/rscc: Avoid returning frames that have nearly no undamaged pixels in them
Carl Eugen Hoyos
ceffmpeg at gmail.com
Fri Jan 18 13:46:20 EET 2019
2019-01-17 22:58 GMT+01:00, Derek Buitenhuis <derek.buitenhuis at gmail.com>:
> On 17/01/2019 03:06, Carl Eugen Hoyos wrote:
>> You mean searching for security issues makes no sense?
>
> This isn't a security and it isn't a fix. It's a completely
> arbitrary statistic to make an arbitrary program happy.
No, you are completely missing the point.
Possible security issues in this decoder will only be
searched (and therefore found) if the decoder doesn't
timeout quickly on damaged files.
I assume this is the result of a (simple) cost-benefit-
analysis by the people running the fuzzing systems.
Nobody asks you to fix the issues, blocking them is an
interesting concept security-wise.
Carl Eugen
More information about the ffmpeg-devel
mailing list