Join us at TNW Conference 2022 for insights into the future of tech →

The heart of tech

This article was published on January 10, 2014

Google says it has helped fix over 1,000 bugs in FFmpeg via two years of fuzzing

Google says it has helped fix over 1,000 bugs in FFmpeg via two years of fuzzing
Emil Protalinski
Story by

Emil Protalinski

Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, incl Emil was a reporter for The Next Web between 2012 and 2014. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, TechSpot, ZDNet, and CNET. Stay in touch via Facebook, Twitter, and Google+.

For the last two years, Google has been using its data centers to perform large-scale automated testing called fault injection (commonly known as fuzzing) on FFmpeg, a free software project that produces libraries and programs for recording, converting, and streaming audio and video. The company today announced it has helped fixed over 1,000 bugs in the project, including some security issues.

FFmpeg is used in multiple applications and software libraries, including Chrome, MPlayer, VLC, and xine. Google has also simultaneously worked with the developers of Libav, an independent fork of FFmpeg, to help fix over 400 bugs.

“We are continuously improving our corpus and fuzzing methods and will continue to work with both FFmpeg and Libav to ensure the highest quality of the software as used by millions of users behind multiple media players,” Google promises. “Until we can declare both projects ‘fuzz clean’ we recommend that people refrain from using either of the two projects to process untrusted media files.”

➤ FFmpeg and a thousand fixes (Mateusz Jurczyk and Gynvael Coldwind)

Image Credit: Miguel Saavedra