Announcement

**DanL** · 12 October 2017, 12:41 PM

Is Fedora's ffmpeg package going to be built to use it or is it strictly a gstreamer plugin at this point?

**uid313** · 12 October 2017, 12:55 PM

But is it safe to let a decoder written in C decode any file you throw at it?
Shouldn't the decoder be written in Rust?

**DanL** · 12 October 2017, 01:11 PM

Originally posted by uid313 View Post

But is it safe to let a decoder written in C decode any file you throw at it?
Shouldn't the decoder be written in Rust?

The code is based on the fdkaac library, which was written in C and initially released years before Rust 1.0.
If you feel it's worth time/effort to rewrite it in Rust, go ahead and do so. No one's stopping you. As you've been told 1,000 times, complaining about non-Rust code on Phoronix accomplishes nothing (other than annoying your fellow Phoronix readers).
In other words, patches or cease whining.

**ChristianSchaller** · 12 October 2017, 01:24 PM

Originally posted by uid313 View Post

But is it safe to let a decoder written in C decode any file you throw at it?
Shouldn't the decoder be written in Rust?

We are happy to take patches

**caligula** · 12 October 2017, 01:27 PM

Originally posted by uid313 View Post

But is it safe to let a decoder written in C decode any file you throw at it?
Shouldn't the decoder be written in Rust?

Use seccomp or some other sandbox.

**starshipeleven** · 12 October 2017, 01:44 PM

Originally posted by uid313 View Post

But is it safe to let a decoder written in C decode any file you throw at it?
Shouldn't the decoder be written in Rust?

Can you please stop posting this every time some media decoder gets an update? It's annoying.

**Brisse** · 12 October 2017, 02:01 PM

Not sure how they solved the legal issues, but this is one of the best quality per bitrate AAC codecs out there, along with FhG and Apple's AAC. The thing with AAC is that quality and performance can differ massively depending on which encoder is used, unlike Vorbis and Opus where there is an excellent reference encoder available.

**uid313** · 12 October 2017, 02:23 PM

Originally posted by caligula View Post

Use seccomp or some other sandbox.

But then each application has to be responsible for implementing that, or the user who runs the application.
It would be better if the parsers and decoders were designed to be inherently safe.

**uid313** · 12 October 2017, 02:26 PM

Originally posted by starshipeleven View Post

Can you please stop posting this every time some media decoder gets an update? It's annoying.

I am scared of websites having <video src="evil.aac">, <video src="evil.mp4"> and it try a list of dozens different codecs and formats that might be installed on the system with payloads generated through fuzzing.
It is scary. It sounds like a huge security hole. A simple HTML page or forum post might be enough to hack every Linux user that visits.

Announcement

Fedora Linux Can Finally Offer AAC Audio Codec Support

Fedora Linux Can Finally Offer AAC Audio Codec Support

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment