GSoC/GCI Archive
Google Code-in 2011 VideoLAN

Find a security vulnerability in any VLC decoder/demuxer

completed by: Cheng Sun

mentors: Jean-Baptiste Kempf

You will learn about finding security vulnerabilities in VLC. You will get our standard set of test files that cover most (decoding/demuxer) functionality in VLC, e.g. reading of AVI files or decoding of H.264 video. You will learn how to (automatically) change those files so that they become corrupt. If VLC is programmed correctly, it will tell you that the file is corrupt. If we did a sloppy job at programming the decoder or demuxer, it will skip past the corruption point and do random things (like as if the input was random). That's still OK, as long as it doesn't crash, read/write from invalid memory locations, etc. You goal is to do and find a file, any file, that crashes VLC or causes invalid memory accesses.