Hacker News new | ask | show | jobs
by amenod 2734 days ago
Also, VLC has a huge attack surface - binary parsing is difficult to do right in C / C++. I hope this effort makes the crashes less frequent...
2 comments
cyphar 2734 days ago
There's work going on (since 2016) to port the parsers to Rust[1]. I believe that a few already are written in Rust, and it'd be great if some Rust folks would help out with the effort.

[1]: https://youtu.be/YTy_JOxGOd4

link
justaj 2734 days ago
Is mpv [0] better in this regard?

0: https://mpv.io/

link
kilotaras 2734 days ago
GP isn't saying that VLC is unsafe, but rather that C (which VLC is written in) tends to be unsafe. Seeing as MPV is also written in C, it's absolutely the same in that regard.
link
Nullabillity 2733 days ago
AFAIK both VLC and mpv use FFmpeg's codecs, so their attack surfaces should be similar.
link