2019-01-17 22:58 GMT+01:00, Derek Buitenhuis <derek.buitenh...@gmail.com>:
> On 17/01/2019 03:06, Carl Eugen Hoyos wrote:
>> You mean searching for security issues makes no sense?
> This isn't a security and it isn't a fix. It's a completely
> arbitrary statistic to make an arbitrary program happy.

No, you are completely missing the point.

Possible security issues in this decoder will only be
searched (and therefore found) if the decoder doesn't
timeout quickly on damaged files.
I assume this is the result of a (simple) cost-benefit-
analysis by the people running the fuzzing systems.

Nobody asks you to fix the issues, blocking them is an
interesting concept security-wise.

Carl Eugen
ffmpeg-devel mailing list

Reply via email to