* [FFmpeg-devel] question about submitting security patches
@ 2025-11-08 8:34 Thomas Dullien via ffmpeg-devel
2025-11-10 16:03 ` [FFmpeg-devel] " Rémi Denis-Courmont via ffmpeg-devel
0 siblings, 1 reply; 3+ messages in thread
From: Thomas Dullien via ffmpeg-devel @ 2025-11-08 8:34 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Thomas Dullien
Hey all,
after the recent social media discussion around P0 reported bugs etc. I'd
like to
contribute a few patches for a few open crash bugs in the bugtracker (and
hopefully
for the remaining BIGSLEEP bug reports, too).
I am using a coding assistant combined with a stack of ASAN + rr, and while
I am not
an export on ffmpeg, I am some sort of expert on vulnerabilities.
I have prepared AI-assisted patches for https://trac.ffmpeg.org/ticket/11693
and
https://trac.ffmpeg.org/ticket/11691, and I'll review them some more but
both the
root-cause analysis and the patch seem good.
What's the best way to submit these patches? There is the bug tracker,
there is this
mailing list - what's the best way to contribute them?
Cheers,
Thomas
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* [FFmpeg-devel] Re: question about submitting security patches
2025-11-08 8:34 [FFmpeg-devel] question about submitting security patches Thomas Dullien via ffmpeg-devel
@ 2025-11-10 16:03 ` Rémi Denis-Courmont via ffmpeg-devel
2025-11-10 16:19 ` Thomas Dullien via ffmpeg-devel
0 siblings, 1 reply; 3+ messages in thread
From: Rémi Denis-Courmont via ffmpeg-devel @ 2025-11-10 16:03 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Rémi Denis-Courmont
Le lauantaina 8. marraskuuta 2025, 10.34.24 Itä-Euroopan normaaliaika Thomas
Dullien via ffmpeg-devel a écrit :
> What's the best way to submit these patches? There is the bug tracker,
> there is this mailing list - what's the best way to contribute them?
I don't think that DNN-generated patches are compatible with the LGPL in the
first place, or it is at best very uncertain that they are. So then you cannot
contribute DNN-generated patches in any useful way at all.
--
Rémi Denis-Courmont
https://www.remlab.net/
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* [FFmpeg-devel] Re: question about submitting security patches
2025-11-10 16:03 ` [FFmpeg-devel] " Rémi Denis-Courmont via ffmpeg-devel
@ 2025-11-10 16:19 ` Thomas Dullien via ffmpeg-devel
0 siblings, 0 replies; 3+ messages in thread
From: Thomas Dullien via ffmpeg-devel @ 2025-11-10 16:19 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Cc: Rémi Denis-Courmont, Thomas Dullien
Hey there,
I've ended up creating a PR and made sure the patch code itself is
human-written, hence untainted - LLMs are just used in the crash triage and
analysis.
Thanks for the reply!
One (open) question: is generating commit messages by an LLM permissible,
or is that something that should also be done by human hand?
Cheers,
Thomas
On Mon, Nov 10, 2025, 5:04 PM Rémi Denis-Courmont via ffmpeg-devel <
ffmpeg-devel@ffmpeg.org> wrote:
> Le lauantaina 8. marraskuuta 2025, 10.34.24 Itä-Euroopan normaaliaika
> Thomas
> Dullien via ffmpeg-devel a écrit :
> > What's the best way to submit these patches? There is the bug tracker,
> > there is this mailing list - what's the best way to contribute them?
>
> I don't think that DNN-generated patches are compatible with the LGPL in
> the
> first place, or it is at best very uncertain that they are. So then you
> cannot
> contribute DNN-generated patches in any useful way at all.
>
> --
> Rémi Denis-Courmont
> https://www.remlab.net/
>
>
>
> _______________________________________________
> ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
> To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
>
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-11-10 21:14 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-11-08 8:34 [FFmpeg-devel] question about submitting security patches Thomas Dullien via ffmpeg-devel
2025-11-10 16:03 ` [FFmpeg-devel] " Rémi Denis-Courmont via ffmpeg-devel
2025-11-10 16:19 ` Thomas Dullien via ffmpeg-devel
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git