by g_airborne 2187 days ago
Can’t agree more. Every codec implementation or video-related software package is just a giant pile of pointer-heavy C/C++ code. It’s not a bad thing because it’s fast and practically still the only way to do it. But looking at codebases like VLC and especially ffmpeg makes me a little nervous. How many bugs like this are hidden in these libraries that we don’t know about?
2 comments

IIRC, there was a project within the VLC team to port a codec to rust (it was shown off at a con talk IIRC). I'm curious what happened to that project.

Also, it looks like the VLC Summer of Code ("SoC") 2020[1] mentions a potential project for fuzzing.

[1] https://wiki.videolan.org/SoC_2020/

Kostya (long-time ffmpeg contributor from e.g. RV40 reverse engineering) moved on to writing a greenfield ffmpeg alternative purely in Rust, with all new codecs, named NihAV.

Follow the blog: https://codecs.multimedia.cx/ but there's no source code release yet AFAIK.

> Follow the blog: https://codecs.multimedia.cx/ but there's no source code release yet AFAIK.

Nice; though the documentation/blog is quite hard to follow :)

What would you think about sandboxing all media related components?

> What would you think about sandboxing all media related components?

You have to be very _specific_ when you say _sandboxing_. Since the attack surface is mostly at the decoding layer, there are at least a few dozen ways to sandbox the processing logic on a modern UNIX-like OS, based on the requirements:

1. Farm out, give it its own namespace and filtered list of seccomp2 calls to do the decoding.

2. Farm out, compartmentalize the decoding layer to BSD jails

3. Same as 2) but using chroot - give the necessary libs/bins/mount

4. Farm out, run the decoding components on a separate VM - somewhat akin to Qubes OS.

5. Farm out, run ephemeral Spark jobs to process the decoding on compartmentalized VMs/containers....

These days the word _sandbox_ is overloaded.

It used to be that you put things that are in userland under selinux and go to bed at night.....
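
Option 1 from the list above, narrowed to its seccomp half, as an added example that is not part of the thread: decoding is farmed out to a forked child that enters seccomp strict mode (the kernel's fixed allowlist of read, write, exit and sigreturn) before it touches the input. Assumptions: Linux, no namespaces, and `toy_decode` / `sandboxed_decode` are hypothetical names with a checksum standing in for a real codec.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical stand-in for a codec: sums the input bytes. A first byte of 0xFF
 * simulates a hijacked decoder issuing a syscall outside the allowlist. */
static uint32_t toy_decode(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    if (len && buf[0] == 0xFF) syscall(SYS_getpid); /* kernel answers with SIGKILL */
    for (size_t i = 0; i < len; i++) sum += buf[i];
    return sum;
}
/* Decode `in` in a confined child. Returns 0 and sets *out, or -1 if the
 * worker was killed or misbehaved. Input is capped at one pipe buffer. */
int sandboxed_decode(const uint8_t *in, size_t len, uint32_t *out) {
    int req[2], rsp[2]; uint32_t r = 0;
    if (len > 4096 || pipe(req) != 0) return -1;
    if (pipe(rsp) != 0) { close(req[0]); close(req[1]); return -1; }
    ssize_t w = write(req[1], in, len); /* queued before fork: parent never blocks */
    close(req[1]);
    pid_t pid = (w == (ssize_t)len) ? fork() : -1;
    if (pid == 0) {
        uint8_t buf[4096];
        close(rsp[0]);
        /* From here on only read, write, exit and sigreturn are permitted. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0) syscall(SYS_exit, 2);
        ssize_t n = read(req[0], buf, sizeof buf);
        r = toy_decode(buf, n > 0 ? (size_t)n : 0);
        if (write(rsp[1], &r, sizeof r) != (ssize_t)sizeof r) syscall(SYS_exit, 3);
        syscall(SYS_exit, 0); /* raw exit: glibc's _exit() uses exit_group, which is blocked */
    }
    close(req[0]); close(rsp[1]);
    ssize_t n = (pid > 0) ? read(rsp[0], &r, sizeof r) : -1;
    close(rsp[0]);
    int status = -1;
    if (pid > 0) waitpid(pid, &status, 0);
    if (n != (ssize_t)sizeof r || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    *out = r; return 0;
}
int main(void) {
    const uint8_t ok[] = {1, 2, 3}, bad[] = {0xFF, 1}; /* constructed sample inputs */
    uint32_t v = 0;
    printf("benign rc=%d, hostile rc=%d\n", sandboxed_decode(ok, sizeof ok, &v), sandboxed_decode(bad, sizeof bad, &v));
    return 0;
}
```

A real decoder needs more than strict mode allows (memory allocation, for one), which is where a filtered syscall list via a seccomp BPF filter comes in.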