Google fixes a thousand bugs in FFmpeg
Google is a technology juggernaut. Barely a day goes by without the company making some sort of news. After all, it has its fingers in so many things -- search, ads, software. Most recently, the company drew the ire of the technology community by integrating Google+ with Gmail.
However, not all news from the search giant is Google+ sadness. Today, the company announces that it has been working to improve FFmpeg -- a cross-platform multimedia library and program solution. In fact, Google has fixed a massive one thousand bugs.
"Security is a top priority -- not only for our own products, but across the entire Internet. That's why members of the Google Security Team and other Googlers frequently perform audits of software and report the resulting findings to the respective vendors or maintainers, as shown in the official 'Vulnerabilities -- Application Security' list. We also try to employ the extensive computing power of our data centers in order to solve some of the security challenges by performing large-scale automated testing, commonly known as fuzzing", says Google.
The search giant further explains, "one internal fuzzing effort we have been running continuously for the past two years is the testing process of FFmpeg, a large cross-platform solution to record, convert and stream audio and video written in C. It is used in multiple applications and software libraries such as Google Chrome, MPlayer, VLC or xine. Following more than two years of work, we are happy to announce that the FFmpeg project has incorporated more than a thousand fixes to bugs (including some security issues) that we have discovered in the project so far".
Google has fixed the following bug types:
- NULL pointer dereferences
- Invalid pointer arithmetic leading to SIGSEGV due to unmapped memory access
- Out-of-bounds reads and writes to stack, heap and static-based arrays
- Invalid free() calls
- Double free() calls over the same pointer
- Division errors
- Assertion failures
- Use of uninitialized memory
While FFmpeg is used in many different programs, please notice that it is used in Google's own web browser, Chrome. In other words, Google's actions benefit Google, this is not a charity case; helping the community is merely a byproduct. Either way though, the search giant should be applauded for its contributions. But please Google, don't sneak Google+ into FFmpeg, OK?