[FFmpeg-devel] [PATCH] Make av_get_random_seed not block when waiting for more entropy

Martin Storsjö martin
Wed Jun 30 18:16:28 CEST 2010


On Wed, 30 Jun 2010, Michael Niedermayer wrote:

> before you spend more time on this.
> There is a possible security issue with using non block mode
> namely if we have /dev/*random and not use it we can end up
> using an uninitialized variable. That's an information leak
> it could leak from pointers (kills ASLR) to OS/platform or
> compiler version or or or ...
> that's all useful information for an attacker
> he only has to saturate /dev/random so it would block

Could you elaborate on your concern here? The fix he committed tries both 
/dev/random and /dev/urandom, and the latter should never block (afaik), 
and even in that case I don't see where any uninitialized variable would 
be leaked?

// Martin
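
The two positions in this exchange, as an added C example that is not part of either message and not FFmpeg's code: a non-blocking read leaks nothing as long as the seed is written only after a complete read and total failure is reported to the caller. The names `read_seed_nonblock` and `get_seed` are hypothetical, and `/dev/null` stands in here for a source that yields no bytes.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read exactly sizeof(*dst) bytes from path without blocking.
 * Returns 0 on success, -1 if the device is missing, would block,
 * or delivers fewer bytes than requested. */
static int read_seed_nonblock(const char *path, uint32_t *dst)
{
    unsigned char buf[sizeof(*dst)];
    size_t got = 0;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    while (got < sizeof(buf)) {
        ssize_t n = read(fd, buf + got, sizeof(buf) - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        break;                      /* EOF, EAGAIN or a hard error */
    }
    close(fd);
    if (got != sizeof(buf))
        return -1;                  /* never expose a partly filled buffer */
    memcpy(dst, buf, sizeof(buf));
    return 0;
}

/* Hypothetical wrapper: try each source in order. Returns the index of
 * the source that succeeded, or -1 with *seed set to 0 so that no stale
 * stack or heap contents can reach the caller. */
int get_seed(const char *const *sources, size_t n, uint32_t *seed)
{
    *seed = 0;
    for (size_t i = 0; i < n; i++)
        if (read_seed_nonblock(sources[i], seed) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    const char *src[] = { "/dev/random", "/dev/urandom" };
    uint32_t seed;
    int used = get_seed(src, 2, &seed);
    printf("source index %d, seed %08x\n", used, (unsigned)seed);
    return used < 0;
}
```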


