diff options
| author | Andreas Rheinhardt <andreas.rheinhardt@outlook.com> | 2022-10-21 18:59:36 +0200 |
|---|---|---|
| committer | Andreas Rheinhardt <andreas.rheinhardt@outlook.com> | 2022-10-24 16:28:14 +0200 |
| commit | f49375f28ff22af19d8a259bd21def5e876dc97b (patch) | |
| tree | 2e0c24054f884b380a2511d1f193790750a1515d /libavutil/aes.c | |
| parent | 73930e4f93032bf6638e9561042b49864070b101 (diff) | |
| download | ffmpeg-f49375f28ff22af19d8a259bd21def5e876dc97b.tar.gz | |
avutil/aes: Don't use out-of-bounds index
Up until now, av_aes_init() uses a->round_key[0].u8 + t
as dst of memcpy where it is intended for t to greater
than 16 (u8 is an uint8_t[16]); given that round_key itself
is an array, it is actually intended for the dst to be
in a latter round_key member. To do this properly,
just cast a->round_key to unsigned char*.
This fixes the srtp, aes, aes_ctr, mov-3elist-encrypted,
mov-frag-encrypted and mov-tenc-only-encrypted
FATE-tests with (Clang-)UBSan.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Diffstat (limited to 'libavutil/aes.c')
| -rw-r--r-- | libavutil/aes.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libavutil/aes.c b/libavutil/aes.c index 8b78daa782..2f08fb4164 100644 --- a/libavutil/aes.c +++ b/libavutil/aes.c @@ -253,7 +253,7 @@ int av_aes_init(AVAES *a, const uint8_t *key, int key_bits, int decrypt) tk[j][i] ^= sbox[tk[j - 1][i]]; } - memcpy(a->round_key[0].u8 + t, tk, KC * 4); + memcpy((unsigned char*)a->round_key + t, tk, KC * 4); } if (decrypt) { |