[FFmpeg-devel] [PATCH 2/9] avcodec/avcodec: Warn about data returned from get_buffer*()
epirat07 at gmail.com
epirat07 at gmail.com
Sat Aug 17 02:32:56 EEST 2024
On 17 Aug 2024, at 1:11, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> doc/APIchanges | 4 ++++
> libavcodec/avcodec.h | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/doc/APIchanges b/doc/APIchanges
> index 173f317ea1b..53d164959c0 100644
> --- a/doc/APIchanges
> +++ b/doc/APIchanges
> @@ -2,6 +2,10 @@ The last version increases of all libraries were on 2024-03-07
>
> API changes, most recent first:
>
> +2024-08-xx - xxxxxxxxx - lavc 61.11.100- avcodec.h
> + Not really a change but get_buffer*() should not return
> + sensitive data
IMO this is really hard to understand unless you look at exactly this
commit diff which most people reading the change log will not.
Maybe instead:
Clarify the documentation for get_buffer*() functions, making it
clear that the memory returned by them should not contain sensitive
information. This is not a change in the API and how it already worked
before.
> +
> 2024-08-10 - xxxxxxxxx - lavu 59.34.100 - hwcontext_vulkan.h
> Add qf and nb_qf to AVVulkanDeviceContext.
> Deprecate queue_family_index, nb_graphics_queues,
> diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
> index 2da63c87ea1..cc6dbfa59fe 100644
> --- a/libavcodec/avcodec.h
> +++ b/libavcodec/avcodec.h
> @@ -1175,6 +1175,10 @@ typedef struct AVCodecContext {
> * this callback and filled with the extra buffers if there are more
> * buffers than buf[] can hold. extended_buf will be freed in
> * av_frame_unref().
> + * decoders will generally initialize the whole buffer before it is output
„Decoders“ as this is the start of a sentence.
Maybe use \important to make this stand out more as a special consideration for this API
instead of just general description.
> + * but it can in rare error conditions happen that uninitialized data is passed
> + * through. The buffers returned by get_buffer* should thus not contain sensitive
> + * data.
> *
> * If AV_CODEC_CAP_DR1 is not set then get_buffer2() must call
> * avcodec_default_get_buffer2() instead of providing buffers allocated by
> --
> 2.46.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list