[gst-devel] We should use alloca(3).

Benjamin Otte in7y118 at public.uni-hamburg.de
Sun Apr 4 06:38:30 CEST 2004

On Sat, 3 Apr 2004, Colin Walters wrote:

> On Fri, 2004-04-02 at 20:36, David Schleef wrote:
> > [...] I think these are both problems we'd
> > like to avoid, especially since some day, GStreamer may be expected
> > to handle untrusted media files.
> Err...I would expect it to already.  If GStreamer isn't willing to even
> try at this it shouldn't be included in GNOME and installed on hundreds
> of thousands or millions of machines.  Security is very important.
I believe David wanted to say that the difference between GStreamer and
"being expected to handle untrusted media files" is the current focus.
We're not doing regular security audits of our decoders for example. We're
certainly not writing code that is deliberately unsecure. But looking at
the number of plugins and the code associated with them (including
dependencies) I wouldn't be surprised if you could find quite some security
holes. :/


More information about the gstreamer-devel mailing list