Safe implementation of H.264 and other codecs

Hi,

I just saw this video from Black Hat 2023, which describes how codecs like H.264 can be badly implemented and therefore represent a security risk. The decoding happens in the kernel, and just receiving a video can crash your system (since your device creates a thumbnail).

Does the GrapheneOS team have any focus on this at all? Or are all the codecs installed in the Pixels just what is provided by Google/Snapdragon etc.?

I can see how GrapheneOS may take advantage of all the hardening and MTE to discover bugs in the video codec implementations in the Tensor chips. I don't have the knowledge to know if this is even possible, but maybe the team can chime in?

Black Hat 2023: The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
https://youtu.be/3aZGGPrffew