[FFmpeg-devel] [PATCH] avcodec: Require avoptions for the user to set max_pixels.

Nicolas George george at nsup.org
Sun Dec 11 18:29:28 EET 2016


On primidi 21 Frimaire, year CCXXV, Michael Niedermayer wrote:
> As long as it is not documented that you need to run libavcodec/format
> in a separate process it is a security issue if you crash.

This is not specific to FFmpeg and documented in books and courses on
development in general.

> I am not really in the camp that believes that these OOM crashes are
> a real security issue nor am I in the camp that believes they are non
> issues. (I in fact had pointed some security researchers who reported
> some OOM issues to threads here previously and the effect of that
> was that they simply registered CVE# for the issues and published
> them (after some time) not bothering to inform me about either)
> I had hoped they would join the discussions ...

The short summary you give here makes it look like these so-called
security "researchers" are just idiots.

> What I'd like to do is simply fix the issues I can fix. The max_pixels
> and max_streams code is doing that.

No, they do not. They mitigate a few corner cases at the cost of
complexity and brittleness.

> And completely independent of the security aspect, the pixels and
> streams are special in that they can cause OOM crashes without being
> crafted input files, in fact totally valid files can trigger it.

Which is another clue that OOM is not a security issue in itself.

My opinion:

Revert all this while we still can just do it without extra work.

Regards,

-- 
  Nicolas George