On 04.07.2017, at 00:51, Nicolas George <geo...@nsup.org> wrote: > Hi. Nice to see you back. > > Le sextidi 16 messidor, an CCXXV, Reimar Döffinger a écrit : >> This is more than 4kB of data on the stack. >> Large stack arrays have a huge amount of security implications, please >> put such buffers (if really needed) into the context. > > 4 ko is not large, and neither is what is used here. We have a lot stack > allocations of that size and more and a few significantly larger.
Ok, I won't try to change policy, but the guard pages (if even implemented) are 4kB and thus anything not significantly smaller increases security risks. As does any type of array that presents an overflow risk. Those may rather be kernel issues admittedly, but considering all OS kernels seem to have the same issues they should probably not be entirely ignored by application. > And data that do not survive the function call do not belong in the > context. From a security standpoint, I believe any array and anything that is more than a handful bytes ideally should not be on the stack, if the added complexity is minimal. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
