[FFmpeg-devel] [PATCH 2/9] avcodec/avcodec: Warn about data returned from get_buffer*()

epirat07 at gmail.com epirat07 at gmail.com
Sat Aug 17 02:32:56 EEST 2024 


On 17 Aug 2024, at 1:11, Michael Niedermayer wrote:

> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  doc/APIchanges       | 4 ++++
>  libavcodec/avcodec.h | 4 ++++
>  2 files changed, 8 insertions(+)
>
> diff --git a/doc/APIchanges b/doc/APIchanges
> index 173f317ea1b..53d164959c0 100644
> --- a/doc/APIchanges
> +++ b/doc/APIchanges
> @@ -2,6 +2,10 @@ The last version increases of all libraries were on 2024-03-07
>
>  API changes, most recent first:
>
> +2024-08-xx - xxxxxxxxx - lavc 61.11.100- avcodec.h
> +  Not really a change but get_buffer*() should not return
> +  sensitive data

IMO this is really hard to understand unless you look at exactly this
commit diff which most people reading the change log will not.

Maybe instead:

Clarify the documentation for get_buffer*() functions, making it
clear that the memory returned by them should not contain sensitive
information. This is not a change in the API and how it already worked
before.

> +
>  2024-08-10 - xxxxxxxxx - lavu 59.34.100 - hwcontext_vulkan.h
>    Add qf and nb_qf to AVVulkanDeviceContext.
>    Deprecate queue_family_index, nb_graphics_queues,
> diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
> index 2da63c87ea1..cc6dbfa59fe 100644
> --- a/libavcodec/avcodec.h
> +++ b/libavcodec/avcodec.h
> @@ -1175,6 +1175,10 @@ typedef struct AVCodecContext {
>       *   this callback and filled with the extra buffers if there are more
>       *   buffers than buf[] can hold. extended_buf will be freed in
>       *   av_frame_unref().
> +     *   decoders will generally initialize the whole buffer before it is output

„Decoders“ as this is the start of a sentence.

Maybe use \important to make this stand out more as a special consideration for this API
instead of just general description.

> +     *   but it can in rare error conditions happen that uninitialized data is passed
> +     *   through. The buffers returned by get_buffer* should thus not contain sensitive
> +     *   data.
>       *
>       * If AV_CODEC_CAP_DR1 is not set then get_buffer2() must call
>       * avcodec_default_get_buffer2() instead of providing buffers allocated by
> -- 
> 2.46.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

More information about the ffmpeg-devel mailing list