For the last two years, Google has been using its data centers to perform large-scale automated testing called fault injection (commonly known as fuzzing) on FFmpeg, a free software project that produces libraries and programs for recording, converting, and streaming audio and video. The company today announced it has helped fixed over 1,000 bugs in the project, including some security issues.
FFmpeg is used in multiple applications and software libraries, including Chrome, MPlayer, VLC, and xine. Google has also simultaneously worked with the developers of Libav, an independent fork of FFmpeg, to help fix over 400 bugs.
F**k it, we'll do it live!
“We are continuously improving our corpus and fuzzing methods and will continue to work with both FFmpeg and Libav to ensure the highest quality of the software as used by millions of users behind multiple media players,” Google promises. “Until we can declare both projects ‘fuzz clean’ we recommend that people refrain from using either of the two projects to process untrusted media files.”
Image Credit: Miguel Saavedra