avutil/aes: Don't use out-of-bounds index

Up until now, av_aes_init() uses a->round_key[0].u8 + t as dst of memcpy where it is intended for t to greater than 16 (u8 is an uint8_t[16]); given that round_key itself is an array, it is actually intended for the dst to be in a latter round_key member. To do this properly, just cast a->round_key to unsigned char*. This fixes the srtp, aes, aes_ctr, mov-3elist-encrypted, mov-frag-encrypted and mov-tenc-only-encrypted FATE-tests with (Clang-)UBSan. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>

avutil/aes: Don't use out-of-bounds index
Up until now, av_aes_init() uses a->round_key[0].u8 + t as dst of memcpy where it is intended for t to greater than 16 (u8 is an uint8_t[16]); given that round_key itself is an array, it is actually intended for the dst to be in a latter round_key member. To do this properly, just cast a->round_key to unsigned char*. This fixes the srtp, aes, aes_ctr, mov-3elist-encrypted, mov-frag-encrypted and mov-tenc-only-encrypted FATE-tests with (Clang-)UBSan. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
f49375f2 · Andreas Rheinhardt · 73930e4f · f49375f2
Commit f49375f2 authored Oct 21, 2022 by Andreas Rheinhardt
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

aes.c libavutil/aes.c +1 -1

No files found.
--- a/libavutil/aes.c
+++ b/libavutil/aes.c
@@ -253,7 +253,7 @@ int av_aes_init(AVAES *a, const uint8_t *key, int key_bits, int decrypt)
                    tk[j][i] ^= sbox[tk[j - 1][i]];
        }

-        memcpy(a->round_key[0].u8 + t, tk, KC * 4);
+        memcpy((unsigned char*)a->round_key + t, tk, KC * 4);
    }

    if (decrypt) {