On Wed, Aug 14, 2019 at 06:02:13PM +0200, Paul B Mahol wrote:
> On Mon, Aug 12, 2019 at 9:20 PM Michael Niedermayer <mich...@niedermayer.cc>
> wrote:
> > Fixes: Timeout (14sec -> 133ms)
> > Fixes:
> > 14843/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5661969614372864
> > Fixes:
> > 16257/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_NUV_fuzzer-5769175464673280
> > (35sec ->0.5sec)
> >
> >
> Why? This is bad idea, same like for qtrle and bunch of other cases.

This was discussed previously IIRC
Either a codec can be used to turn tiny input to huge number of output frames 
by frame duplication. or
it doesnt do the duplication and rather provides metadata of some sort

In the first case if the next step is a filter it can be slower
In the first case if the next step is a variable fps encoder it can be slower
in the first case it can make a DOS attack less expensive for an attacker

The second case, that is with metadata for example not returning a frame but
relying on timestamps these issues are reduced
thats why i suggest that way but if the community prefers something else then
sure it can be done. But from what i remember the oppinions where mixed on
which way is preferred


Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Asymptotically faster algorithms should always be preferred if you have
asymptotical amounts of data

Attachment: signature.asc
Description: PGP signature

ffmpeg-devel mailing list

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Reply via email to