| Message ID | 20171021234158.19405-1-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 380b48fb9fdc7b0c40d67e026f9b3accb12794eb |
| Headers | show |
Hi, On Sat, Oct 21, 2017 at 7:41 PM, Michael Niedermayer <michael@niedermayer.cc > wrote: > add padding before scantable arrays > > See: 522d850e68ec4b77d3477b3c8f55b1ba00a9d69a > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/h264dec.h | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libavcodec/h264dec.h b/libavcodec/h264dec.h > index 2106ba077e..de8b7c38b9 100644 > --- a/libavcodec/h264dec.h > +++ b/libavcodec/h264dec.h > @@ -416,6 +416,7 @@ typedef struct H264Context { > uint8_t (*mvd_table[2])[2]; > uint8_t *direct_table; > > + uint8_t scan_padding[16]; > uint8_t zigzag_scan[16]; > uint8_t zigzag_scan8x8[64]; > uint8_t zigzag_scan8x8_cavlc[64]; > -- > 2.14.2 This is 16 bytes; isn't the space before it (the pointers) already providing that space? Or do you want it to be zero'ed so resulting indices can be used for writing into the coef array? Ronald
On Sun, Oct 22, 2017 at 07:28:31AM -0400, Ronald S. Bultje wrote: > Hi, > > On Sat, Oct 21, 2017 at 7:41 PM, Michael Niedermayer <michael@niedermayer.cc > > wrote: > > > add padding before scantable arrays > > > > See: 522d850e68ec4b77d3477b3c8f55b1ba00a9d69a > > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/h264dec.h | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/libavcodec/h264dec.h b/libavcodec/h264dec.h > > index 2106ba077e..de8b7c38b9 100644 > > --- a/libavcodec/h264dec.h > > +++ b/libavcodec/h264dec.h > > @@ -416,6 +416,7 @@ typedef struct H264Context { > > uint8_t (*mvd_table[2])[2]; > > uint8_t *direct_table; > > > > + uint8_t scan_padding[16]; > > uint8_t zigzag_scan[16]; > > uint8_t zigzag_scan8x8[64]; > > uint8_t zigzag_scan8x8_cavlc[64]; > > -- > > 2.14.2 > > > This is 16 bytes; isn't the space before it (the pointers) already > providing that space? Or do you want it to be zero'ed so resulting indices > can be used for writing into the coef array? I wanted to ensure that the pointer cannot leak into the output. Possibly giving an attacker information about the memory layout [...]
On 10/22/17, Michael Niedermayer <michael@niedermayer.cc> wrote: > On Sun, Oct 22, 2017 at 07:28:31AM -0400, Ronald S. Bultje wrote: >> Hi, >> >> On Sat, Oct 21, 2017 at 7:41 PM, Michael Niedermayer >> <michael@niedermayer.cc >> > wrote: >> >> > add padding before scantable arrays >> > >> > See: 522d850e68ec4b77d3477b3c8f55b1ba00a9d69a >> > >> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> >> > --- >> > libavcodec/h264dec.h | 1 + >> > 1 file changed, 1 insertion(+) >> > >> > diff --git a/libavcodec/h264dec.h b/libavcodec/h264dec.h >> > index 2106ba077e..de8b7c38b9 100644 >> > --- a/libavcodec/h264dec.h >> > +++ b/libavcodec/h264dec.h >> > @@ -416,6 +416,7 @@ typedef struct H264Context { >> > uint8_t (*mvd_table[2])[2]; >> > uint8_t *direct_table; >> > >> > + uint8_t scan_padding[16]; >> > uint8_t zigzag_scan[16]; >> > uint8_t zigzag_scan8x8[64]; >> > uint8_t zigzag_scan8x8_cavlc[64]; >> > -- >> > 2.14.2 >> >> >> This is 16 bytes; isn't the space before it (the pointers) already >> providing that space? Or do you want it to be zero'ed so resulting >> indices >> can be used for writing into the coef array? > > I wanted to ensure that the pointer cannot leak into the output. > Possibly giving an attacker information about the memory layout Can we expect more of such patches in future?
On Sun, Oct 22, 2017 at 01:41:56AM +0200, Michael Niedermayer wrote: > add padding before scantable arrays > > See: 522d850e68ec4b77d3477b3c8f55b1ba00a9d69a > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/h264dec.h | 1 + > 1 file changed, 1 insertion(+) will apply
diff --git a/libavcodec/h264dec.h b/libavcodec/h264dec.h index 2106ba077e..de8b7c38b9 100644 --- a/libavcodec/h264dec.h +++ b/libavcodec/h264dec.h @@ -416,6 +416,7 @@ typedef struct H264Context { uint8_t (*mvd_table[2])[2]; uint8_t *direct_table; + uint8_t scan_padding[16]; uint8_t zigzag_scan[16]; uint8_t zigzag_scan8x8[64]; uint8_t zigzag_scan8x8_cavlc[64];
add padding before scantable arrays See: 522d850e68ec4b77d3477b3c8f55b1ba00a9d69a Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/h264dec.h | 1 + 1 file changed, 1 insertion(+)