On Thu, May 28, 2020 at 02:23:34PM +0200, Michael Niedermayer wrote: > On Thu, May 28, 2020 at 11:14:15AM +0200, Jean-Baptiste Kempf wrote: > > On Thu, May 28, 2020, at 00:08, Kieran Kunhya wrote: > > > On Wed, 27 May 2020 at 22:53, Michael Niedermayer <[email protected]> > > > wrote: > > > > > > > On Sun, Mar 15, 2020 at 10:20:56PM +0100, Michael Niedermayer wrote: > > > > > This combination skips allocating large padding which can read out of > > > > array > > > > > > > > > > Fixes: > > > > 20978/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_H264_fuzzer-5746381832847360 > > > > > > > > > > Found-by: continuous fuzzing process > > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > > Signed-off-by: Michael Niedermayer <[email protected]> > > > > > --- > > > > > tools/target_dec_fuzzer.c | 2 +- > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > will apply > > > > > > > > > > Shouldn't there be warnings about FAST mode if it causes security issues? > > > > I agree here. > > Either we fix FAST mode, or it must come with important warnings. > > I suggest to add a AV_CODEC_FLAG2_FAST_UNSAFE and split the current > uses of the flag up between the 2 > > will submit a patch doing that unless i hear objections / a better > suggestion.
ill also disable the use that this would move in master to unsafe, in release branches thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list [email protected] https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email [email protected] with subject "unsubscribe".
