Perpare for the next release #115
Comments
|
Do you have plans for these? |
|
Sure. |
|
Coverage is roughly 100% =) Woo-hoo 
|
|
Love it @eustas -- thanks so much for all your hard work on this! I'm a Unity and Go dev for many years now. I once shipped an audio engine many years back using iOS CoreAudio Units, so I highly appreciate devs who know how important high performing and reliable realtime AV code is. I'm not using faad2 yet, but my upcoming worklist is to add AAC support for my FMOD projects using faad2 (using the FMOD codec plugin). One decision I'm still weighing if the plan to use CMake etc or to use Cgo and contribute a Go wrapper/bindings for faad2. Or perhaps someone has already done the heavy lifting to plug faad2 into FMOD? |
|
I also was thinking about adding |
|
Indeed. I think, if we need to touch the build system, it should be cmake. |
|
Currently there are 9 open issues for "fixed point" decoding. Likely there are less root causes. None look dangerous. Hopefully will deal with those this / next week. |
Nice, way to go! |
|
5 issues at the moment (again, all in fixed) |
|
@eustas how are things going? |
|
Last month was busy with other projects. Hope to get back to FAAD and resolve the remaining issues in mid-August. Sorry for the delays... |
|
@eustas Sorry to bug you again. But, is there anything in the making that would make sense waiting for? Or are we fine to tag the current state of the source as the 2.11 release? |
|
As it was discussed earlier, it is fine to cut 2.11 release (if there are any fixed-point users... well, they should be aware that such build is not flawless, but will become better one day =)) |
|
I see, thanks! One last thing. Could you please help me and summarize the most important changes that you introduced during this cycle, so I have a bit more that I could add to the changelog than "@eustas fixed an overflow, and then another one, and then some undefined behaviour, and then another one, ..." 😉 |
|
Sure. Will try to prepare it tomorrow. |
|
NB: perhaps we should look into patches used by embedders, e.g. VLC; sometimes they fix real problems, sometimes we could make their live easier by adding more compilation options (== ifdefs). |
|
Definitely! I think they even contributed some of their patches back during the previous release cycle. https://code.videolan.org/videolan/vlc/-/tree/master/contrib/src/faad2?ref_type=heads |
It doesn't have to be exhaustive. Just help me summarize what you have changed since the last release, please. |
|
Sorry, fallen off my radar. Will try to do it today / tomorrow. |
CI/CD, build, etc
"Safe" bugs"Safe" means that it is unlikely to be exploited; those affect the decoded
"Almost Safe" bugs"Almost safe" means that those are unlinkly to be exploited; if those surface
"Unsafe" bugs"Unsafe" means that those can cause crash, or could somehow else be exploited.
|
|
Perfect, thank you so much! Could you please bring the CVEs into context as well, then that'd be it for me. |
|
Sure. Will look for them today, or on Monday morning. |
|
There seem to be just 2 reported: |
|
Keep up the great work gents! If it's any motivation, ready here to test as a codec ext for FMOD on macOS, windows, android, and iOS. |
|
Yes, these were the two CVEs. |
|
So, which of the changelog entries do the CVE ids apply to? |
|
CVE-2023-38857 is fixed by "CLI: crash because of wrong mp4 frame offset calculation" CVE-2023-38857 is fixed by "CLI: accessing unallocated memory in mp4info" |
Checklist:
The text was updated successfully, but these errors were encountered: