Google Online Security Blog: FFmpeg and a thousand fixes(情報元のブックマーク数)
Googleさん関係ないけど、ファジングをすげー自動化して、見つけたぜ!らしい
で、ffmpegの脆弱性と修正が一気にあったのでアナウンスらしい
反復ファジングすげぇ
At Google, security is a top priority - not only for our own products, but across the entire Internet. That’s why members of the Google Security Team and other Googlers frequently perform audits of software and report the resulting findings to the respective vendors or maintainers, as shown in the official “Vulnerabilities - Application Security” list. We also try to employ the extensive computing power of our data centers in order to solve some of the security challenges by performing large-scale automated testing, commonly known as fuzzing.
Google Online Security Blog: FFmpeg and a thousand fixes
One internal fuzzing effort we have been running continuously for the past two years is the testing process of FFmpeg, a large cross-platform solution to record, convert and stream audio and video written in C. It is used in multiple applications and software libraries such as Google Chrome, MPlayer, VLC or xine. We started relatively small by making use of trivial mutation algorithms, some 500 cores and input media samples gathered from readily available sources such as the samples.mplayerhq.hu sample base and FFmpeg FATE regression testing suite. Later on, we grew to more complex and effective mutation methods, 2000 cores and an input corpus supported by sample files improving the overall code coverage.
- 作者: 月村潤,本間雅洋,堀田直孝,原一浩,足立健誌,尾花衣美,堀内康弘,寺田学
- 出版社/メーカー: 毎日コミュニケーションズ
- 発売日: 2008/01/29
- メディア: 単行本(ソフトカバー)
- 購入: 8人 クリック: 240回
- この商品を含むブログ (26件) を見る
- 作者: Jesse Russell,Ronald Cohn
- 出版社/メーカー: Book on Demand Ltd.
- 発売日: 2012/08/18
- メディア: オンデマンド (ペーパーバック)
- この商品を含むブログ (1件) を見る
MPEG4入門―「圧縮の基本」から「MPEGの基本」「MPEG4の実際」まで (I・O BOOKS)
- 作者: 瀧本往人
- 出版社/メーカー: 工学社
- 発売日: 2006/09
- メディア: 単行本
- 購入: 2人 クリック: 109回
- この商品を含むブログ (4件) を見る