[Ffmpeg-devel] Coverity defect scan
Michael Niedermayer
michaelni
Sat Mar 11 01:37:10 CET 2006
Hi
On Fri, Mar 10, 2006 at 11:51:02PM +0100, Diego Biurrun wrote:
> On Fri, Mar 10, 2006 at 11:43:54PM +0100, Michael Niedermayer wrote:
> >
> > On Fri, Mar 10, 2006 at 11:34:07AM +0100, Diego Biurrun wrote:
> > >
> > > I recommend you to sign up with Coverity and get access to the list of
> > > bugs they found in MPlayer:
> > >
> > > http://scan.coverity.com/
> > >
> > > Quite a few of them are FFmpeg bugs.
> >
> > [...]
> >
> > btw, why is the list not available to the public?
>
> Some of these bugs are security-relevant...
ahh which is the best awnser
1. some gcc warnings too
2. which are? ;)
3. publishing sec holes is the best way to get them fixed quickly, not
publishing them leads to 6+ month of delay (see cvslog if you want to
know who it was who didnt fix known and trivial secholes, i fixed the
ones i found in my code, robert togni also fixed all in his instantly ...)
4. do you really think that registration will keep any bad guys from getting
their hands on this list if they want it? hell its not even https ...
[...]
--
Michael
More information about the ffmpeg-devel
mailing list