[FFmpeg-devel] [PATCH] aes: AVAES.round_key should have space for 16 4x4 arrays, not 15

Andy Parkins andyparkins
Wed Jul 18 10:01:37 CEST 2007


When key_bits == 256, then rounds == (256>>5 + 6) == 14.  In
av_aes_init(), then, the key expansion loop runs from zero to 224 in 32
byte steps.

AVAES.round_key is filled in by this line:
  memcpy(a->round_key[0][0]+t, tk, KC*4);

KC*4 is 32; so this line is copying bytes into the following array
indices:

 round_key[14][0][0] to round_key[15][3][3]

But the declaration for round_key is

 round_key[15][4][4];

Remember, the declaration is the number of elements, but the accesses
are zero based, which makes the last index of this variable,
round_key[14][3][3].  i.e. This block is 16 byets short of what it needs
to be.

This patch changes the round_key declaration to

 round_key[16][4][4];

Preventing the overflow.
---
 libavutil/aes.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
-- 
Dr Andy Parkins, M Eng (hons), MIET
andyparkins at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 28b5249dc456b4463cb1b92524c04b62e132abfd.diff
Type: text/x-patch
Size: 305 bytes
Desc: not available
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20070718/2624f1eb/attachment.bin>



More information about the ffmpeg-devel mailing list