On 10/22/17, Michael Niedermayer <mich...@niedermayer.cc> wrote:
> On Sun, Oct 22, 2017 at 07:28:31AM -0400, Ronald S. Bultje wrote:
>> Hi,
>>
>> On Sat, Oct 21, 2017 at 7:41 PM, Michael Niedermayer
>> <mich...@niedermayer.cc
>> > wrote:
>>
>> > add padding before scantable arrays
>> >
>> > See: 522d850e68ec4b77d3477b3c8f55b1ba00a9d69a
>> >
>> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
>> > ---
>> > libavcodec/h264dec.h | 1 +
>> > 1 file changed, 1 insertion(+)
>> >
>> > diff --git a/libavcodec/h264dec.h b/libavcodec/h264dec.h
>> > index 2106ba077e..de8b7c38b9 100644
>> > --- a/libavcodec/h264dec.h
>> > +++ b/libavcodec/h264dec.h
>> > @@ -416,6 +416,7 @@ typedef struct H264Context {
>> > uint8_t (*mvd_table[2])[2];
>> > uint8_t *direct_table;
>> >
>> > + uint8_t scan_padding[16];
>> > uint8_t zigzag_scan[16];
>> > uint8_t zigzag_scan8x8[64];
>> > uint8_t zigzag_scan8x8_cavlc[64];
>> > --
>> > 2.14.2
>>
>>
>> This is 16 bytes; isn't the space before it (the pointers) already
>> providing that space? Or do you want it to be zero'ed so resulting
>> indices
>> can be used for writing into the coef array?
>
> I wanted to ensure that the pointer cannot leak into the output.
> Possibly giving an attacker information about the memory layout
Can we expect more of such patches in future?
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
