[FFmpeg-devel] [PATCH] Add FITS Demuxer

Reimar Döffinger Reimar.Doeffinger at gmx.de
Tue Jul 4 09:42:56 EEST 2017

On 04.07.2017, at 00:51, Nicolas George <george at nsup.org> wrote:

> Hi. Nice to see you back.
> Le sextidi 16 messidor, an CCXXV, Reimar Döffinger a écrit :
>> This is more than 4kB of data on the stack.
>> Large stack arrays have a huge amount of security implications, please
>> put such buffers (if really needed) into the context.
> 4 ko is not large, and neither is what is used here. We have a lot stack
> allocations of that size and more and a few significantly larger.

Ok, I won't try to change policy, but the guard pages (if even implemented) are 4kB and thus anything not significantly smaller increases security risks.
As does any type of array that presents an overflow risk.
Those may rather be kernel issues admittedly, but considering all OS kernels seem to have the same issues they should probably not be entirely ignored by application.

> And data that do not survive the function call do not belong in the
> context.

From a security standpoint, I believe any array and anything that is more than a handful bytes ideally should not be on the stack, if the added complexity is minimal.

More information about the ffmpeg-devel mailing list