diff mbox series

[FFmpeg-devel,2/9] avcodec/avcodec: Warn about data returned from get_buffer*()

Message ID 20240816231157.3166012-2-michael@niedermayer.cc
State New
Headers show
Series [FFmpeg-devel,1/9] avformat/rmdec: check that bug if completely filled | expand

Commit Message

Michael Niedermayer Aug. 16, 2024, 11:11 p.m. UTC
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 doc/APIchanges       | 4 ++++
 libavcodec/avcodec.h | 4 ++++
 2 files changed, 8 insertions(+)

Comments

Marvin Scholz Aug. 16, 2024, 11:32 p.m. UTC | #1
On 17 Aug 2024, at 1:11, Michael Niedermayer wrote:

> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  doc/APIchanges       | 4 ++++
>  libavcodec/avcodec.h | 4 ++++
>  2 files changed, 8 insertions(+)
>
> diff --git a/doc/APIchanges b/doc/APIchanges
> index 173f317ea1b..53d164959c0 100644
> --- a/doc/APIchanges
> +++ b/doc/APIchanges
> @@ -2,6 +2,10 @@ The last version increases of all libraries were on 2024-03-07
>
>  API changes, most recent first:
>
> +2024-08-xx - xxxxxxxxx - lavc 61.11.100- avcodec.h
> +  Not really a change but get_buffer*() should not return
> +  sensitive data

IMO this is really hard to understand unless you look at exactly this
commit diff which most people reading the change log will not.

Maybe instead:

Clarify the documentation for get_buffer*() functions, making it
clear that the memory returned by them should not contain sensitive
information. This is not a change in the API and how it already worked
before.

> +
>  2024-08-10 - xxxxxxxxx - lavu 59.34.100 - hwcontext_vulkan.h
>    Add qf and nb_qf to AVVulkanDeviceContext.
>    Deprecate queue_family_index, nb_graphics_queues,
> diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
> index 2da63c87ea1..cc6dbfa59fe 100644
> --- a/libavcodec/avcodec.h
> +++ b/libavcodec/avcodec.h
> @@ -1175,6 +1175,10 @@ typedef struct AVCodecContext {
>       *   this callback and filled with the extra buffers if there are more
>       *   buffers than buf[] can hold. extended_buf will be freed in
>       *   av_frame_unref().
> +     *   decoders will generally initialize the whole buffer before it is output

„Decoders“ as this is the start of a sentence.

Maybe use \important to make this stand out more as a special consideration for this API
instead of just general description.

> +     *   but it can in rare error conditions happen that uninitialized data is passed
> +     *   through. The buffers returned by get_buffer* should thus not contain sensitive
> +     *   data.
>       *
>       * If AV_CODEC_CAP_DR1 is not set then get_buffer2() must call
>       * avcodec_default_get_buffer2() instead of providing buffers allocated by
> -- 
> 2.46.0
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Michael Niedermayer Aug. 17, 2024, 11:32 p.m. UTC | #2
On Sat, Aug 17, 2024 at 01:32:56AM +0200, epirat07@gmail.com wrote:
> 
> 
> On 17 Aug 2024, at 1:11, Michael Niedermayer wrote:
> 
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  doc/APIchanges       | 4 ++++
> >  libavcodec/avcodec.h | 4 ++++
> >  2 files changed, 8 insertions(+)
> >
> > diff --git a/doc/APIchanges b/doc/APIchanges
> > index 173f317ea1b..53d164959c0 100644
> > --- a/doc/APIchanges
> > +++ b/doc/APIchanges
> > @@ -2,6 +2,10 @@ The last version increases of all libraries were on 2024-03-07
> >
> >  API changes, most recent first:
> >
> > +2024-08-xx - xxxxxxxxx - lavc 61.11.100- avcodec.h
> > +  Not really a change but get_buffer*() should not return
> > +  sensitive data
> 
> IMO this is really hard to understand unless you look at exactly this
> commit diff which most people reading the change log will not.
> 
> Maybe instead:
> 
> Clarify the documentation for get_buffer*() functions, making it
> clear that the memory returned by them should not contain sensitive
> information. This is not a change in the API and how it already worked
> before.

ok will apply something very similar to your suggestion

thx

[...]
diff mbox series

Patch

diff --git a/doc/APIchanges b/doc/APIchanges
index 173f317ea1b..53d164959c0 100644
--- a/doc/APIchanges
+++ b/doc/APIchanges
@@ -2,6 +2,10 @@  The last version increases of all libraries were on 2024-03-07
 
 API changes, most recent first:
 
+2024-08-xx - xxxxxxxxx - lavc 61.11.100- avcodec.h
+  Not really a change but get_buffer*() should not return
+  sensitive data
+
 2024-08-10 - xxxxxxxxx - lavu 59.34.100 - hwcontext_vulkan.h
   Add qf and nb_qf to AVVulkanDeviceContext.
   Deprecate queue_family_index, nb_graphics_queues,
diff --git a/libavcodec/avcodec.h b/libavcodec/avcodec.h
index 2da63c87ea1..cc6dbfa59fe 100644
--- a/libavcodec/avcodec.h
+++ b/libavcodec/avcodec.h
@@ -1175,6 +1175,10 @@  typedef struct AVCodecContext {
      *   this callback and filled with the extra buffers if there are more
      *   buffers than buf[] can hold. extended_buf will be freed in
      *   av_frame_unref().
+     *   decoders will generally initialize the whole buffer before it is output
+     *   but it can in rare error conditions happen that uninitialized data is passed
+     *   through. The buffers returned by get_buffer* should thus not contain sensitive
+     *   data.
      *
      * If AV_CODEC_CAP_DR1 is not set then get_buffer2() must call
      * avcodec_default_get_buffer2() instead of providing buffers allocated by