GSoC/GCI Archive
Google Code-in 2011 VideoLAN

Find a security vulnerability in any Libav decoder/demuxer

completed by: Shitiz Garg

mentors: Ronald S. Bultje

You will learn about finding security vulnerabilities in Libav. You will get our standard set of test files that cover most (decoding/demuxing) functionality in Libav, e.g. reading of AVI files or decoding of H.264 video. You will learn how to (automatically) change those files so that they become corrupt. If Libav is programmed correctly, it will tell you that the file is corrupt. If we did a sloppy job at programming the decoder or demuxer, it will skip past the corruption point and do random things (as if the input was random). That's still OK, as long as it doesn't crash, read/write from invalid memory locations, etc. Your goal is to do this and find a file, any file, that crashes Libav or causes invalid memory accesses.
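
The corrupt-and-run loop described above, as an added example that is not part of the original task or of Libav's own tooling. The function names, the stand-in "decoder" and the sample bytes are constructed for illustration; in real use `cmd` would be the command line that makes Libav decode one file.

```python
import os, random, signal, subprocess, sys, tempfile

def corrupt(data, seed, n_bytes=4, skip=0):
    """Overwrite n_bytes random offsets at or after `skip`; the seed makes each case reproducible."""
    rng = random.Random(seed)
    buf = bytearray(data)
    for _ in range(n_bytes if len(buf) > skip else 0):
        buf[rng.randrange(skip, len(buf))] = rng.randrange(256)
    return bytes(buf)

def classify(returncode):
    """Map an exit status to an outcome; None means the timeout expired."""
    if returncode is None:
        return "hang"
    if returncode < 0:  # POSIX: the process was killed by signal -returncode
        return "crash:" + signal.Signals(-returncode).name
    return "ok" if returncode == 0 else "rejected"

def run_decoder(cmd, data, timeout=10):
    """Write data to a temp file, run cmd + [path], return the outcome."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(data)
    try:
        proc = subprocess.run(cmd + [f.name], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
        return classify(proc.returncode)
    except subprocess.TimeoutExpired:
        return classify(None)
    finally:
        os.unlink(f.name)

def fuzz(cmd, sample, seeds, **kw):
    """Return (seed, outcome) for every mutation that crashed or hung the decoder."""
    runs = ((s, run_decoder(cmd, corrupt(sample, s, **kw))) for s in seeds)
    return [(s, o) for s, o in runs if o not in ("ok", "rejected")]

# Constructed stand-in for a decoder: checks a 4-byte magic, then trusts a
# length byte without a bounds check (simulated by sending itself SIGSEGV).
STANDIN = [sys.executable, "-c", (
    "import os, signal, sys\n"
    "d = open(sys.argv[1], 'rb').read()\n"
    "if d[:4] != b'DEMO': sys.exit(1)\n"
    "if d[4] > len(d) - 5: os.kill(os.getpid(), signal.SIGSEGV)\n")]
SAMPLE = b"DEMO" + bytes([8]) + b"payload!"  # constructed valid input

if __name__ == "__main__":
    print(fuzz(STANDIN, SAMPLE, range(200), skip=4))
```

Exit-status classification only catches crashes and hangs. Invalid reads or writes that do not crash the process show up only when the decoder is run under a memory checker such as Valgrind or built with AddressSanitizer.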