Message ID | 20191015173615.29800-1-onemda@gmail.com |
---|---|
State | New |
On 10/15/2019 2:36 PM, Paul B Mahol wrote:
> Fixes #8281
>
> Signed-off-by: Paul B Mahol <onemda@gmail.com>
> ---
> libavcodec/frame_thread_encoder.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/libavcodec/frame_thread_encoder.c b/libavcodec/frame_thread_encoder.c
> index 949bc69f81..ffee242b76 100644
> --- a/libavcodec/frame_thread_encoder.c
> +++ b/libavcodec/frame_thread_encoder.c
> @@ -116,6 +116,7 @@ end:
>
> int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
> int i=0;
> + AVCodecContext *thread_avctx = NULL;
> ThreadContext *c;
>
>
> @@ -195,7 +196,7 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
> AVDictionary *tmp = NULL;
> int ret;
> void *tmpv;
> - AVCodecContext *thread_avctx = avcodec_alloc_context3(avctx->codec);
> + thread_avctx = avcodec_alloc_context3(avctx->codec);
> if(!thread_avctx)
> goto fail;
> tmpv = thread_avctx->priv_data;
> @@ -236,6 +237,7 @@ fail:
> avctx->thread_count = i;
> av_log(avctx, AV_LOG_ERROR, "ff_frame_thread_encoder_init failed\n");
> ff_frame_thread_encoder_free(avctx);
> + avcodec_free_context(&thread_avctx);
> return -1;
> }

I thought about this, but if you look at line 202 where it does "*thread_avctx = *avctx;", isn't there a risk of double frees with internal fields when avctx is also freed?
On 10/15/19, James Almer <jamrial@gmail.com> wrote:
> On 10/15/2019 2:36 PM, Paul B Mahol wrote:
>> Fixes #8281
>>
>> Signed-off-by: Paul B Mahol <onemda@gmail.com>
>> ---
>> libavcodec/frame_thread_encoder.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/libavcodec/frame_thread_encoder.c
>> b/libavcodec/frame_thread_encoder.c
>> index 949bc69f81..ffee242b76 100644
>> --- a/libavcodec/frame_thread_encoder.c
>> +++ b/libavcodec/frame_thread_encoder.c
>> @@ -116,6 +116,7 @@ end:
>>
>> int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary
>> *options){
>> int i=0;
>> + AVCodecContext *thread_avctx = NULL;
>> ThreadContext *c;
>>
>>
>> @@ -195,7 +196,7 @@ int ff_frame_thread_encoder_init(AVCodecContext
>> *avctx, AVDictionary *options){
>> AVDictionary *tmp = NULL;
>> int ret;
>> void *tmpv;
>> - AVCodecContext *thread_avctx =
>> avcodec_alloc_context3(avctx->codec);
>> + thread_avctx = avcodec_alloc_context3(avctx->codec);
>> if(!thread_avctx)
>> goto fail;
>> tmpv = thread_avctx->priv_data;
>> @@ -236,6 +237,7 @@ fail:
>> avctx->thread_count = i;
>> av_log(avctx, AV_LOG_ERROR, "ff_frame_thread_encoder_init failed\n");
>> ff_frame_thread_encoder_free(avctx);
>> + avcodec_free_context(&thread_avctx);
>> return -1;
>> }
>
> I thought about this, but if you look at line 202 where it does
> "*thread_avctx = *avctx;", isn't there a risk of double frees with
> internal fields when avctx is also freed?

Yes, there it is.

> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
diff --git a/libavcodec/frame_thread_encoder.c b/libavcodec/frame_thread_encoder.c
index 949bc69f81..ffee242b76 100644
--- a/libavcodec/frame_thread_encoder.c
+++ b/libavcodec/frame_thread_encoder.c
@@ -116,6 +116,7 @@ end:
 
 int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
 int i=0;
+ AVCodecContext *thread_avctx = NULL;
 ThreadContext *c;
 
 
@@ -195,7 +196,7 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
 AVDictionary *tmp = NULL;
 int ret;
 void *tmpv;
- AVCodecContext *thread_avctx = avcodec_alloc_context3(avctx->codec);
+ thread_avctx = avcodec_alloc_context3(avctx->codec);
 if(!thread_avctx)
 goto fail;
 tmpv = thread_avctx->priv_data;
@@ -236,6 +237,7 @@ fail:
 avctx->thread_count = i;
 av_log(avctx, AV_LOG_ERROR, "ff_frame_thread_encoder_init failed\n");
 ff_frame_thread_encoder_free(avctx);
+ avcodec_free_context(&thread_avctx);
 return -1;
 }
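Review bot: In the last hunk, `avcodec_free_context(&thread_avctx);` at `fail:` frees whatever the function-scope pointer last held, and none of the visible lines clears it once an allocated context has been handed on. The assignment in the second hunk was a block-local declaration before this change and `fail:` records `i` as the thread count, so it appears to sit in a per-thread loop whose remaining body is outside the hunks; if any `goto fail` can be reached after a context has been passed to a worker or stored elsewhere, the cleanup would release an object that something else still uses. Making the hand-off explicit with `thread_avctx = NULL; /* ownership passed on */` at the point where the context leaves this function would limit the fail path to a context that never left it. The new call also runs after `ff_frame_thread_encoder_free(avctx);`, so it is worth confirming and documenting in a comment that this function does not already release the same context.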
Fixes #8281

Signed-off-by: Paul B Mahol <onemda@gmail.com>
---
 libavcodec/frame_thread_encoder.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)