Message ID | 20210318204958.21176-4-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 76cea1d2ce3f23e8131c8664086a1daf873ed694 |
Series | [FFmpeg-devel,1/4] avformat/avidec: Check for dv streams before using priv_data in parse ##dc/##wb |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
Michael Niedermayer: > Fixes: null pointer dereference > Fixes: ff_put_pixels16_sse2.mp4 > > Found-by: Rafael Dutra <rafael.dutra@cispa.de> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/mpegpicture.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/mpegpicture.c b/libavcodec/mpegpicture.c > index e3f648895d..0652b7c879 100644 > --- a/libavcodec/mpegpicture.c > +++ b/libavcodec/mpegpicture.c > @@ -79,8 +79,11 @@ int ff_mpeg_framesize_alloc(AVCodecContext *avctx, MotionEstContext *me, > // linesize * interlaced * MBsize > // we also use this buffer for encoding in encode_mb_internal() needig an additional 32 lines > if (!FF_ALLOCZ_TYPED_ARRAY(sc->edge_emu_buffer, alloc_size * EMU_EDGE_HEIGHT) || > - !FF_ALLOCZ_TYPED_ARRAY(me->scratchpad, alloc_size * 4 * 16 * 2)) > + !FF_ALLOCZ_TYPED_ARRAY(me->scratchpad, alloc_size * 4 * 16 * 2)) { > + av_freep(&sc->edge_emu_buffer); > return AVERROR(ENOMEM); > + } > + > me->temp = me->scratchpad; > sc->rd_scratchpad = me->scratchpad; > sc->b_scratchpad = me->scratchpad; > This is a regression since 4b2863ff01b1fe93d9a518523c9098d17a9d8c6f, see http://ffmpeg.org/pipermail/ffmpeg-devel/2020-December/274026.html. - Andreas
On Thu, Mar 18, 2021 at 09:57:11PM +0100, Andreas Rheinhardt wrote: > Michael Niedermayer: > > Fixes: null pointer dereference > > Fixes: ff_put_pixels16_sse2.mp4 > > > > Found-by: Rafael Dutra <rafael.dutra@cispa.de> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/mpegpicture.c | 5 ++++- > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > diff --git a/libavcodec/mpegpicture.c b/libavcodec/mpegpicture.c > > index e3f648895d..0652b7c879 100644 > > --- a/libavcodec/mpegpicture.c > > +++ b/libavcodec/mpegpicture.c > > @@ -79,8 +79,11 @@ int ff_mpeg_framesize_alloc(AVCodecContext *avctx, MotionEstContext *me, > > // linesize * interlaced * MBsize > > // we also use this buffer for encoding in encode_mb_internal() needig an additional 32 lines > > if (!FF_ALLOCZ_TYPED_ARRAY(sc->edge_emu_buffer, alloc_size * EMU_EDGE_HEIGHT) || > > - !FF_ALLOCZ_TYPED_ARRAY(me->scratchpad, alloc_size * 4 * 16 * 2)) > > + !FF_ALLOCZ_TYPED_ARRAY(me->scratchpad, alloc_size * 4 * 16 * 2)) { > > + av_freep(&sc->edge_emu_buffer); > > return AVERROR(ENOMEM); > > + } > > + > > me->temp = me->scratchpad; > > sc->rd_scratchpad = me->scratchpad; > > sc->b_scratchpad = me->scratchpad; > > > This is a regression since 4b2863ff01b1fe93d9a518523c9098d17a9d8c6f, see > http://ffmpeg.org/pipermail/ffmpeg-devel/2020-December/274026.html. Do you prefer your patchset, or do I misunderstand? I have no preference except that I want to see the bugs fixed thanks [...]
On Fri, Mar 19, 2021 at 04:26:11PM +0100, Michael Niedermayer wrote: > On Thu, Mar 18, 2021 at 09:57:11PM +0100, Andreas Rheinhardt wrote: > > Michael Niedermayer: > > > Fixes: null pointer dereference > > > Fixes: ff_put_pixels16_sse2.mp4 > > > > > > Found-by: Rafael Dutra <rafael.dutra@cispa.de> > > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > > --- > > > libavcodec/mpegpicture.c | 5 ++++- > > > 1 file changed, 4 insertions(+), 1 deletion(-) > > > > > > diff --git a/libavcodec/mpegpicture.c b/libavcodec/mpegpicture.c > > > index e3f648895d..0652b7c879 100644 > > > --- a/libavcodec/mpegpicture.c > > > +++ b/libavcodec/mpegpicture.c > > > @@ -79,8 +79,11 @@ int ff_mpeg_framesize_alloc(AVCodecContext *avctx, MotionEstContext *me, > > > // linesize * interlaced * MBsize > > > // we also use this buffer for encoding in encode_mb_internal() needig an additional 32 lines > > > if (!FF_ALLOCZ_TYPED_ARRAY(sc->edge_emu_buffer, alloc_size * EMU_EDGE_HEIGHT) || > > > - !FF_ALLOCZ_TYPED_ARRAY(me->scratchpad, alloc_size * 4 * 16 * 2)) > > > + !FF_ALLOCZ_TYPED_ARRAY(me->scratchpad, alloc_size * 4 * 16 * 2)) { > > > + av_freep(&sc->edge_emu_buffer); > > > return AVERROR(ENOMEM); > > > + } > > > + > > > me->temp = me->scratchpad; > > > sc->rd_scratchpad = me->scratchpad; > > > sc->b_scratchpad = me->scratchpad; > > > > > This is a regression since 4b2863ff01b1fe93d9a518523c9098d17a9d8c6f, see > > http://ffmpeg.org/pipermail/ffmpeg-devel/2020-December/274026.html. > > Do you prefer your patchset, or do I misunderstand? > > I have no preference except that I want to see the bugs fixed will apply with a reference to the commit that caused the regression thx [...]
diff --git a/libavcodec/mpegpicture.c b/libavcodec/mpegpicture.c index e3f648895d..0652b7c879 100644 --- a/libavcodec/mpegpicture.c +++ b/libavcodec/mpegpicture.c @@ -79,8 +79,11 @@ int ff_mpeg_framesize_alloc(AVCodecContext *avctx, MotionEstContext *me, // linesize * interlaced * MBsize // we also use this buffer for encoding in encode_mb_internal() needig an additional 32 lines if (!FF_ALLOCZ_TYPED_ARRAY(sc->edge_emu_buffer, alloc_size * EMU_EDGE_HEIGHT) || - !FF_ALLOCZ_TYPED_ARRAY(me->scratchpad, alloc_size * 4 * 16 * 2)) + !FF_ALLOCZ_TYPED_ARRAY(me->scratchpad, alloc_size * 4 * 16 * 2)) { + av_freep(&sc->edge_emu_buffer); return AVERROR(ENOMEM); + } + me->temp = me->scratchpad; sc->rd_scratchpad = me->scratchpad; sc->b_scratchpad = me->scratchpad;
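Review bot: The new error branch in ff_mpeg_framesize_alloc() calls av_freep(&sc->edge_emu_buffer) with no comment explaining why a buffer that was allocated successfully has to be released, and the commit message says only "Fixes: null pointer dereference". Please state the invariant the branch is meant to establish, that sc->edge_emu_buffer is never left set when the me->scratchpad allocation has failed, either as a one-line comment above the av_freep() call or in the commit message, so that a later cleanup does not drop the call as redundant. The commit message should also cite 4b2863ff01b1fe93d9a518523c9098d17a9d8c6f, which the thread identifies as the commit that introduced the regression, so that backports can tell which releases need the fix.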
Fixes: null pointer dereference Fixes: ff_put_pixels16_sse2.mp4 Found-by: Rafael Dutra <rafael.dutra@cispa.de> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/mpegpicture.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)