From: Zhao Zhili <quinkblack-at-foxmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH 00/22] Deprecate av_uninit
Date: Fri, 11 Apr 2025 17:00:23 +0800
Message-ID: <tencent_2E0DD0B5E6CFA7CCAAA4532B9C428B87A606@qq.com>
In-Reply-To: <Z_jUgQrjVSXkDfvN@phare.normalesup.org>

> On Apr 11, 2025, at 16:36, Nicolas George <george@nsup.org> wrote:
>
> Zhao Zhili (HE12025-04-11):
>> From: Zhao Zhili <zhilizhao@tencent.com>
>>
>> The macro is meant to suppress false uninitialized warnings. However,
>> sometimes these 'false uninitialized warnings' are really undefined
>> behavior, and leading to real issue like crash, e.g., ab792634197e.
>>
>> For false uninitialized warnings, it can be silenced by initialization,
>> and compiler can easily optimize away unnecessary initializations.
>>
>> av_uninit shouldn't be used in any case.
>
> NAK, you are hiding the UBs, not fixing the bugs.
>
> If the author of the code put av_uninit, that means they believe the
> value will always have been initialized by the part of the code
> responsible for it. If that is not true, then it is a bug that can lead
> to an exploitable security issue or a silent data corruption.
>
> With your changes, nothing proves that the = 0 you put there is the
> right value, the bug is still there: the code expects the value to be
> correctly set, but instead there is an arbitrary 0.
>
> At least, with av_uninit, valgrind and fuzzing can find the bugs.

With UB, the compiler can remove branch check and assign some random value to it, which cannot be detected by valgrind. For ab792634197e, the UB is there for decades and never detected by valgrind, and the warning is silenced by av_uninit.

>
> Regards,
>
> --
> Nicolas George
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
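
An added example, not part of the message above and not FFmpeg code: a third option next to `av_uninit` and a blind `= 0`, where the variable starts at a sentinel that is checked before use, so a missed assignment is neither undefined behavior nor silently replaced by an arbitrary value. The parser, `pick_step`, `sum_strided`, `STEP_UNSET` and `ERR_INVALID` are hypothetical names constructed for this illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

#define ERR_INVALID (-1)      /* hypothetical error code */
#define STEP_UNSET  INT_MIN   /* sentinel: never a valid step */

/* Constructed parser: only tags 1 and 2 assign *step. The author "knows"
 * one of them always runs, which is the belief av_uninit encodes. */
static void pick_step(uint8_t tag, int *step)
{
    switch (tag) {
    case 1: *step = 4; break;
    case 2: *step = 8; break;
    default: break;           /* forgotten path: *step is left untouched */
    }
}

/* Sum every step-th byte of buf. Returns the sum, or ERR_INVALID. */
int sum_strided(const uint8_t *buf, size_t len, uint8_t tag)
{
    /* With `int av_uninit(step);` the read below is UB for any other tag.
     * With `int step = 0;` it is defined, but the loop never advances.
     * The sentinel keeps the read defined and the missed assignment visible. */
    int step = STEP_UNSET;
    int sum = 0;

    pick_step(tag, &step);
    if (step == STEP_UNSET || step <= 0)
        return ERR_INVALID;   /* the bug surfaces as an error, not as UB */

    for (size_t i = 0; i < len; i += (size_t)step)
        sum += buf[i];
    return sum;
}
```
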