
305 points todsacerdoti | 2 comments

renewiltord No.44062877
Oh this stuff is what’s prompting the ffmpeg Twitter account to make a stand against Rust https://x.com/ffmpeg/status/1924137645988356437?s=46
replies(3): >>44062997 >>44063150 >>44071382
mmastrac No.44062997
Reading the ffmpeg twitter account is enough to turn me off using ffmpeg. It's a shame there's no real alternative -- the devs seem very toxic.

I mean sure, max performance is great if you control every part of your pipeline, but if you're accepting untrusted data from users-at-large ffmpeg has at least a half-dozen remotely exploitable CVEs a year. Better make sure your sandbox is tight.

https://ffmpeg.org/security.html

I feel like there's a middle ground where everyone works towards a secure and fast solution, rather than whatever position they've staked out here.

replies(4): >>44064579 >>44067921 >>44069583 >>44071088
1. oguz-ismail No.44069583
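The "make sure your sandbox is tight" point above is the one most readers will act on, so here is an added example of what that looks like for a service that hands user uploads to ffmpeg. This is not code from the thread or from the ffmpeg project; the rlimit values, the bubblewrap bind set, the /work mount layout and the ffmpeg argument list are assumptions. The rlimits only cap what a runaway or looping decoder can consume (memory, CPU, output size, wall-clock); containing an actual memory-corruption exploit is the job of the namespace sandbox (bubblewrap's `--unshare-all`, read-only system directories, no network), ideally with a seccomp filter on top, which bwrap accepts via `--seccomp` and which is not shown here.

```python
"""Run an untrusted-input decode under hard resource caps and, when bubblewrap
(bwrap) is installed, inside a throwaway namespace sandbox.

Added example for this thread, not ffmpeg project code. The cap values, the
bubblewrap bind set and the ffmpeg argument list are assumptions."""
import os
import resource
import shutil
import signal
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Illustrative caps for one transcode of a user upload (assumed values).
LIMITS = {
    resource.RLIMIT_AS: 2 * 1024 ** 3,   # 2 GiB address space: runaway allocation dies here
    resource.RLIMIT_CPU: 120,            # CPU seconds before SIGXCPU
    resource.RLIMIT_FSIZE: 1024 ** 3,    # largest file the job may write
    resource.RLIMIT_NOFILE: 64,
    resource.RLIMIT_CORE: 0,             # no core dump of a process that held user data
}
WALL_TIMEOUT = 300  # seconds; also catches a hang that burns no CPU
CLEAN_ENV = {"PATH": "/usr/bin:/bin"}  # nothing inherited: no LD_PRELOAD, proxies, tokens


@dataclass
class JobResult:
    returncode: Optional[int]
    timed_out: bool
    stderr_tail: str


def _apply_limits() -> None:
    """Runs in the child before exec. Only ever lowers a limit: raising the soft
    limit above the inherited hard limit makes setrlimit raise ValueError."""
    for res, cap in LIMITS.items():
        _soft, hard = resource.getrlimit(res)
        if hard != resource.RLIM_INFINITY:
            cap = min(cap, hard)
        resource.setrlimit(res, (cap, cap))


def ffmpeg_cmd(in_path: str, out_path: str) -> List[str]:
    """Plain transcode (assumed arguments). -nostdin stops ffmpeg reading the
    controlling terminal, -y overwrites the output, -loglevel error keeps
    stderr to real failures."""
    return ["ffmpeg", "-nostdin", "-hide_banner", "-loglevel", "error",
            "-y", "-i", in_path, out_path]


def bwrap_argv(cmd: List[str], input_path: str, output_dir: str,
               bwrap: str = "bwrap") -> List[str]:
    """Prefix cmd with a bubblewrap sandbox: fresh user/pid/net/ipc/... namespaces
    (--unshare-all, so no network), read-only system dirs, the upload mounted
    read-only at /work/in and only /work/out writable. Assumes a /usr layout."""
    argv = [bwrap, "--unshare-all", "--die-with-parent", "--new-session",
            "--clearenv", "--setenv", "PATH", "/usr/bin:/bin",
            "--ro-bind", "/usr", "/usr", "--proc", "/proc", "--dev", "/dev",
            "--tmpfs", "/tmp",
            "--ro-bind", input_path, "/work/in",
            "--bind", output_dir, "/work/out",
            "--chdir", "/work"]
    for d in ("/bin", "/sbin", "/lib", "/lib64"):
        if os.path.islink(d):          # merged-/usr distros: recreate the symlink
            argv += ["--symlink", os.readlink(d), d]
        elif os.path.isdir(d):
            argv += ["--ro-bind", d, d]
    return argv + ["--"] + cmd


def run_constrained(cmd: List[str], timeout: int = WALL_TIMEOUT) -> JobResult:
    """Start cmd in its own session with the rlimits above and a wall-clock
    timeout; on timeout kill the whole process group, not just the leader.
    rlimits survive exec and namespace entry, so they also bind a bwrap child."""
    proc = subprocess.Popen(
        cmd, stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
        stderr=subprocess.PIPE, env=CLEAN_ENV, close_fds=True,
        preexec_fn=_apply_limits, start_new_session=True)
    try:
        _, err = proc.communicate(timeout=timeout)
        timed_out = False
    except subprocess.TimeoutExpired:
        try:
            os.killpg(proc.pid, signal.SIGKILL)
        except ProcessLookupError:     # group already gone between timeout and kill
            pass
        _, err = proc.communicate()
        timed_out = True
    return JobResult(proc.returncode, timed_out,
                     err.decode("utf-8", "replace")[-2000:])


def transcode_upload(upload: str, out_dir: str) -> JobResult:
    """Decode one user upload. Inside the sandbox the paths are fixed (/work/...);
    without bwrap the rlimits and clean environment still apply."""
    os.makedirs(out_dir, exist_ok=True)
    if shutil.which("bwrap"):
        cmd = bwrap_argv(ffmpeg_cmd("/work/in", "/work/out/out.mp4"), upload, out_dir)
    else:
        cmd = ffmpeg_cmd(upload, os.path.join(out_dir, "out.mp4"))
    return run_constrained(cmd)


if __name__ == "__main__":
    import sys
    print(transcode_upload(sys.argv[1], sys.argv[2]))
```

Usage: `python sandboxed_ffmpeg.py upload.bin /var/tmp/job1`. Two design choices worth noting: the timeout kills the process group rather than the leader, because ffmpeg (and bwrap) can leave helpers behind that would otherwise keep running after the parent is reaped; and the limits are clamped to the inherited hard limits, so the same script works unchanged inside a container that already runs under tighter caps instead of failing in `preexec_fn`.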
>Reading the ffmpeg twitter account is enough to turn me off using ffmpeg.

What's the alternative?

replies(1): >>44073168
2. mmastrac No.44073168
There is not much, unless you're working with AV1. rav1d is the alternative there but you've got to trade off some performance for security gains.

ffmpeg is a monopoly in the space which means that you either take the exact set of tradeoffs they offer, or... well, you have no alternatives, so take it.

Of course the alternatives are never going to be as good as the originals until they've had more effort put into them. It took _years_ until the Rust gzip/zip libraries surpassed the C ones while being more secure overall.