An unfortunate description
Posted Mar 15, 2012 18:04 UTC (Thu) by khim
In reply to: An unfortunate description
Parent article: Idealism vs. pragmatism: Mozilla debates supporting H.264 video playback (ars technica)
It seems like all that the Gecko developers would need to do is to make a whitelist containing entries for only VP8, Ogg, and Matroska (possibly allowing for users to edit the whitelist on their own installations, at their own risk), and leave it up to GStreamer to decide which particular implementation of those codecs and containers it will use.
What will this whitelist actually accomplish? VP8, Ogg, and Matroska parsers - they all have bugs. Just today I tried to watch a video and it crashed the demuxer. I used an alternative one (“lavf” instead of “mkv”) and was able to see the video. But the very fact that I was able to crash the player means that this particular version should not be included in the whitelist.
That way, all of the many other codecs and containers supported by GStreamer are excluded from the "attack surface" that the browser exposes to untrusted remote servers.
This still leaves a vast attack surface. Unfortunately.
When app developers adopt the NIH attitude like Mozilla developers have done (or alternately, when they do use third-party libraries, but fork them and build the forked versions into the app, which is what Chromium/Chrome developers tend to do), it violates the engineering principle of modularity (a.k.a. "do one thing and do it well"), and ultimately causes a tragedy-of-the-commons where all app developers need to go to great effort to implement pieces of functionality that have already been implemented elsewhere (thus negating one of the major potential benefits of FLOSS).
Now we are down to basic handwaving. The fact is: codec developers don't consider it a “big deal” if you can crash their creations using “bad files” - and the aforementioned “advanced GPU-based capabilities” are especially notorious. When and if most codec developers start to consider such things really important, it'll be safe to use them in a browser. I, for one, don't hold my breath.