Le tiistaina 22. huhtikuuta 2025, 7.20.26 Itä-Euroopan kesäaika softworkz . a
écrit :
> Hi Stefano, Andreas, Nicolas
> and of course, anybody who's interested in the AVTextFormat APIs,
>
>
> let me start by saying that I have no intention to rush the
> publicization of those APIs. I think there's still a way to go.
> But it's also true that when you don't have a clear understanding
> of where you actually want to go, you'll hardly arrive there.
>
> At the implementation level, I sensed that "you" ("FFmpeg")
> are following some principles which are somewhat contradictive to
> those that I'm usually adhering to (e.g. "parameter validation
> being a responsibility of the call site, crashing otherwise
> being acceptable"). Nonetheless, I'm the one who has to adapt,
> and I'm not going to question that.
How do you validate parameters in C in the first place? Pointers are so
pervasive (in general, as in FFmpeg), and essentially impossible to validate.
How do you prevent crashing on invalid pointers?
I feel that what you think you are usually doing is not what you think that
you are actually usually doing.
It makes sense to validate inputs if you are on a trust boundary and/or
deserialising data. But that's about the only cases (and it's debatable if
those aren't even two sides of the same coin).
--
ヅニ-クーモン・レミ
Hagalund ny stad, f.d. Finska republik Nylands
_______________________________________________
ffmpeg-devel mailing list
[email protected]
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
[email protected] with subject "unsubscribe".
