oss-fuzz
FFmpeg
Our great sponsors
| oss-fuzz | FFmpeg | |
|---|---|---|
| 31 | 485 | |
| 9,879 | 42,374 | |
| 4.1% | 2.5% | |
| 9.9 | 10.0 | |
| 7 days ago | about 6 hours ago | |
| Shell | C | |
| Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
oss-fuzz
- Xz: Disable ifunc to fix Issue 60259
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
> because the ifunc code was breaking with all sorts of build options and obviously caused many problems with various sanitizers
for example, https://github.com/google/oss-fuzz/pull/10667
-
Ask HN: Any Good Fuzzer for gRPC?
Have you tried Googles grpc fuzzer?
https://github.com/google/oss-fuzz/blob/master/projects/grpc...
-
Pacemaker should be running open source software
https://www.fda.gov/medical-devices/digital-health-center-ex...
oss-fuzz: https://github.com/google/oss-fuzz :
> We support the libFuzzer, AFL++, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.
> Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, Java/JVM, and JavaScript code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
-
Fuzz Testing Is the Best Thing to Happen to Our Application Tests
I love fuzzing as a technique and use it quite regularly, but running AFL++ on even a single program occupies all threads of a high end AMD server for weeks. I'm running it locally so only paying for the electricity. If it was a cloud instance it would cost a small fortune. I think this is a reason it is not used more widely.
I will note that Google have a programme for doing fuzz testing on open source projects using computer from their cloud: https://google.github.io/oss-fuzz/
- Fixed Spelling Errors or Typos
- ELI5: How can downloading a pdf or word file give you a virus?
- OSS-Fuzz – continuous fuzzing for open source software
-
Mosh: An Interactive Remote Shell for Mobile Clients (2012) [pdf]
Yes, mosh has fuzz tests in oss-fuzz [1].
[1] https://github.com/google/oss-fuzz/tree/master/projects/mosh
-
Java Fuzzing with Jazzer compared to Symflower
We will explore how Jazzer is used to automatically generate malicious inputs for Java programs, and how it compares to Symflower, which can automatically generate unit tests to uncover bugs and errors in your code. With the help of Jazzer, many bugs - some of them even in the OpenJDK - were found already. Also, as of March 2021, Jazzer is officially part of OSS-Fuzz, Google's cloud fuzzing engine. It should be noted that Jazzer is a pure "bug detection" utility that finds reproducers for errors in user code. Symflower can do the same, but provides additional functionalities to boost developer productivity, like generating high coverage unit tests and providing test templates for the software developer or tester.
FFmpeg
-
Show HN: CompressX, my FFmpeg wrapper for macOS, made $9k in the last 4 months
GPL2
Since FFmpeg is GPL2, doesn’t that require CompressX to disclose its source code?
IANAL, apologies if I miss understand license requirements.
https://github.com/FFmpeg/FFmpeg?tab=License-1-ov-file
- Microsoft offered FFmpeg one-time payment instead of support contract
-
Writing x86 SIMD using x86inc.asm (2017)
This turns out to be a lot of assembly macros to help write one x86 assembly. https://github.com/FFmpeg/FFmpeg/blob/master/libavutil/x86/x...
The sibling comment recommending compiler intrinsics is probably the best way to go for writing SIMD code. A mixture of `` style types and intrinsics to specify instructions is a solid 90% solution compared to assembly.
If you want that last 10%, I think macros are putting the emphasis in the wrong place. They're a somewhat easy way to build up a language abstraction which will work if held carefully, but I'm confident the dev experience using this abstraction when you write invalid code will be deeply confusing.
I would suggest to write a parser instead of the macros. That'll tell you clearly when the syntax is invalid (though possibly not with much precision) and it'll give you a place to put semantic analysis for where valid syntax encodes nonsense. Do the equivalent of the macro expansions on the parsed tree instead of on the text. Emit asm as the "back end".
-
Video Generation with Python
You might have heard of FFMPEG or ImageMagick for image and video edition in a programmatic way. MoviePy is a Python module for video editing (Python wrapper for FFMPEG and ImageMagick). It provides functions for cutting, concatenations, title insertions, video compositing, video processing, and the creation of custom effects. It can read and write common video and audio formats and be run on any platform with Python 2.7 or 3+.
- I want some logically difficult c programs
- Looking for a good file converter for upload testing
- Best Way to Rip Rare DVDs?
-
11 Ways to Optimize Your Website
There are many cloud-based tools and websites that can convert your images, but the problem with these tools is that you usually have to upload the files for them to be processed, and some of their services are not free. In this article, I'd like to introduce a piece of software called FFmpeg, which allows you convert the images locally with one simple command.
-
AI-assisted removal of filler words from video recordings
To run the demo locally, be sure to have Python 3.11 and FFmpeg installed.
- Noob compression-ist here, looking to compress 10TB worth of video footage...
What are some alternatives?
AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
mpv - 🎥 Command line video player
fuzzilli - A JavaScript Engine Fuzzer
ffmpeg-python - Python bindings for FFmpeg - with complex filtering support
ffmpeg-libav-tutorial - FFmpeg libav tutorial - learn how media works from basic to transmuxing, transcoding and more. Translations: 🇺🇸 🇨🇳 🇰🇷 🇪🇸 🇻🇳 🇧🇷
OpenH264 - Open Source H.264 Codec
libfuzzer - Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
Exoplayer - An extensible media player for Android
uafuzz - UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
hlsdl - C program to download VoD HLS (.m3u8) files
ffmpeg-tutorial - A set of tutorials that demonstrates how to write a video player based on FFmpeg
GStreamer - GStreamer open-source multimedia framework