[FFmpeg-devel] [PATCH] Add FITS Demuxer

wm4 nfxjfg at googlemail.com
Tue Jul 4 11:33:35 EEST 2017


On Tue, 4 Jul 2017 08:42:56 +0200
Reimar Döffinger <Reimar.Doeffinger at gmx.de> wrote:

> On 04.07.2017, at 00:51, Nicolas George <george at nsup.org> wrote:
> 
> > Hi. Nice to see you back.
> > 
> > On sextidi 16 messidor, year CCXXV, Reimar Döffinger wrote:
> >> This is more than 4kB of data on the stack.
> >> Large stack arrays have a huge amount of security implications, please
> >> put such buffers (if really needed) into the context.  
> > 
> > 4 ko is not large, and neither is what is used here. We have a lot of stack
> > allocations of that size and more and a few significantly larger.
> 
> Ok, I won't try to change policy, but the guard pages (if even implemented) are 4kB and thus anything not significantly smaller increases security risks.
> As does any type of array that presents an overflow risk.
> Those may rather be kernel issues admittedly, but considering all OS kernels seem to have the same issues they should probably not be entirely ignored by applications.

If you're interested in security hacks, you should probably use a
Microsoft compiler, which will touch at least every 4K of stack
allocation, to avoid skipping a guard page.
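
Added example, not part of the thread or of FFmpeg: a small C model of the point debated above, showing how the first access to a stack frame larger than a 4 kB guard page can land past the guard, and how touching every page on the way down (the probing mentioned in the reply) hits the guard instead. The address layout, the function names and the 4608-byte frame are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE 4096u /* guard-page size assumed in the thread */

/* Constructed layout (addresses grow upward, the stack grows downward):
 *   [0, OTHER_END)          unrelated mapping below the guard
 *   [OTHER_END, GUARD_END)  one guard page
 *   [GUARD_END, STACK_TOP)  mapped stack */
#define OTHER_END (16u * PAGE)
#define GUARD_END (OTHER_END + PAGE)
#define STACK_TOP (GUARD_END + 8u * PAGE)

enum page_kind { PAGE_STACK, PAGE_GUARD, PAGE_OTHER };

static enum page_kind classify(size_t addr)
{
    if (addr < OTHER_END) return PAGE_OTHER;
    if (addr < GUARD_END) return PAGE_GUARD;
    return PAGE_STACK;
}

/* No probing: the frame is reserved with one subtraction and the first
 * access is to the array's lowest byte. Returns the page that access hits. */
static enum page_kind first_touch_unprobed(size_t sp, size_t frame)
{
    return classify(sp - frame);
}

/* Probing: touch one byte per page from sp downward before using the frame.
 * Returns the first non-stack page touched, or PAGE_STACK if none. */
static enum page_kind first_touch_probed(size_t sp, size_t frame)
{
    size_t low = sp - frame;
    for (size_t a = sp; a > low;) {
        a = (a - low > PAGE) ? a - PAGE : low;
        if (classify(a) != PAGE_STACK)
            return classify(a);
    }
    return PAGE_STACK;
}

int main(void)
{
    static const char *name[] = { "stack", "guard", "other mapping" };
    size_t frame = 4608; /* constructed: a bit more than 4 kB of locals */
    printf("deep stack, unprobed: %s\n", name[first_touch_unprobed(GUARD_END, frame)]);
    printf("deep stack, probed:   %s\n", name[first_touch_probed(GUARD_END, frame)]);
    return 0;
}
```

In this model a frame of at most one page can never pass the guard unprobed, which is why the 4 kB threshold matters in the discussion; moving the buffer into a heap-allocated context removes the frame-size question entirely.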

