
305 points todsacerdoti | 2 comments
renewiltord No.44062877
Oh this stuff is what’s prompting the ffmpeg Twitter account to make a stand against Rust https://x.com/ffmpeg/status/1924137645988356437?s=46
replies(3): >>44062997 #>>44063150 #>>44071382 #
mmastrac No.44062997
Reading the ffmpeg twitter account is enough to turn me off using ffmpeg. It's a shame there's no real alternative -- the devs seem very toxic.

I mean sure, max performance is great if you control every part of your pipeline, but if you're accepting untrusted data from users-at-large, ffmpeg has at least a half-dozen remotely exploitable CVEs a year. Better make sure your sandbox is tight.

https://ffmpeg.org/security.html

I feel like there's a middle ground where everyone works towards a secure and fast solution, rather than whatever position they've staked out here.

replies(4): >>44064579 #>>44067921 #>>44069583 #>>44071088 #
1. throwaway94487 No.44064579
How many of those "remotely exploitable CVEs" have actually been exploited in the wild? Quite a few are denial-of-service and memory leak CVEs too, which Rust doesn't consider to be unsafe.
replies(1): >>44071069 #
2. saagarjha No.44071069
More than enough are exploitable for this to be a problem.