[FFmpeg-user] ffmpeg 1.0.5 and buffer underflow - Update

Reindl Harald h.reindl at thelounge.net
Sat May 4 15:25:14 CEST 2013



On 04.05.2013 15:09, Jan Ehrhardt wrote:
> Reindl Harald in gmane.comp.video.ffmpeg.user (Sat, 04 May 2013 13:31:17
> +0200):
>> "-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4" have been
>> the default for ANY package of most Linux distributions for years for
>> security reasons
>>
>> and for a hardening build you enable "-fPIC -fPIE -fstack-protector-all"
>> too, as well as "-Wl,-z,now -Wl,-z,relro" as LDFLAGS
>>
>> yes, they affect performance, but security first
> 
> Do they affect compiler performance or also the performance of the final
> build?

the performance of the final build, how else should this work
if there is code added? on i386 it hurts around 10% but on x86_64
at least the overhead of -fPIC -fPIE can be ignored

who cares about 10% performance in case of more security?
well, nobody said "make it default", but Carl's attitude was
"why do you not remove it" which is plain wrong

hence if i have a server where users can upload videos which are
processed in a cronjob i do not care about some % performance but
i do care if someone exploits my machine with bad input

http://en.wikipedia.org/wiki/Buffer_overflow_protection#GCC_Stack-Smashing_Protector_.28ProPolice.29
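
Added example, not part of the original message or of FFmpeg's build system: a shell function that reads the output of `readelf -W -h -l -d -s` and reports which of the flags named in this thread left a trace in a binary. The readelf excerpts are constructed samples, and the names `audit_readelf`, `sample_hardened` and `sample_plain` are hypothetical.

```shell
#!/bin/sh
# Added example. Input: text output of  readelf -W -h -l -d -s BINARY
# audit_readelf prints one "feature=value" line per hardening feature.
audit_readelf() {
    awk '
        function yn(v) { return v ? "yes" : "no" }
        /^ *Type:/ && /DYN/       { pie = 1 }     # -fPIE -pie (shared libraries are DYN too)
        /GNU_RELRO/               { relro = 1 }   # -Wl,-z,relro
        /\(BIND_NOW\)/            { now = 1 }     # -Wl,-z,now as DT_BIND_NOW
        /\(FLAGS(_1)?\)/ && /NOW/ { now = 1 }     # -Wl,-z,now as DT_FLAGS or DT_FLAGS_1
        /__stack_chk_fail/        { canary = 1 }  # -fstack-protector, -fstack-protector-all
        /__[a-z]+_chk[@ ]/ || /__[a-z]+_chk$/ { fortify = 1 }  # -D_FORTIFY_SOURCE
        END {
            print "pie=" yn(pie)
            print "relro=" (relro ? (now ? "full" : "partial") : "no")
            print "canary=" yn(canary)
            print "fortify=" yn(fortify)
        }
    '
}

# Constructed readelf excerpt: a binary built with all flags from the thread.
sample_hardened() {
    cat <<'EOF'
  Type:                              DYN (Position-Independent Executable file)
  GNU_RELRO      0x002d90 0x0000000000003d90 0x0000000000003d90 0x000270 0x000270 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
EOF
}

# Constructed readelf excerpt: a binary built with none of them.
sample_plain() {
    cat <<'EOF'
  Type:                              EXEC (Executable file)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (3)
EOF
}

# With a path argument, audit that file; otherwise run on the constructed sample.
if [ $# -gt 0 ]; then
    readelf -W -h -l -d -s "$1" | audit_readelf
else
    sample_hardened | audit_readelf
fi
```

A "no" for canary or fortify is not proof that the flag was missing: the compiler emits those symbol references only when some function in the binary actually qualifies for the check.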
