Message ID | 20210422220752.41938-1-jamrial@gmail.com |
---|---|
State | Accepted |
Series | [FFmpeg-devel] avcodec/av1_metadata: don't store the inserted TD OBU in stack | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
James Almer: > Fixes: stack-use-after-return > Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904 > Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624 > > Signed-off-by: James Almer <jamrial@gmail.com> > --- > libavcodec/av1_metadata_bsf.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/av1_metadata_bsf.c b/libavcodec/av1_metadata_bsf.c > index 328db5c0da..b1ae364431 100644 > --- a/libavcodec/av1_metadata_bsf.c > +++ b/libavcodec/av1_metadata_bsf.c > @@ -28,6 +28,7 @@ typedef struct AV1MetadataContext { > CBSBSFContext common; > > int td; > + AV1RawOBU td_obu; > > int color_primaries; > int transfer_characteristics; > @@ -107,7 +108,7 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt, > CodedBitstreamFragment *frag) > { > AV1MetadataContext *ctx = bsf->priv_data; > - AV1RawOBU td, *obu; > + AV1RawOBU *obu; > int err, i; > > for (i = 0; i < frag->nb_units; i++) { > @@ -124,12 +125,12 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt, > if (ctx->td == BSF_ELEMENT_REMOVE) > ff_cbs_delete_unit(frag, 0); > } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) { > - td = (AV1RawOBU) { > + ctx->td_obu = (AV1RawOBU) { > .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER, > }; I think you can move the initialization to init. LGTM anyway. > > err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER, > - &td, NULL); > + &ctx->td_obu, NULL); > if (err < 0) { > av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n"); > return err; >
On 4/23/2021 5:00 PM, Andreas Rheinhardt wrote: > James Almer: >> Fixes: stack-use-after-return >> Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904 >> Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624 >> >> Signed-off-by: James Almer <jamrial@gmail.com> >> --- >> libavcodec/av1_metadata_bsf.c | 7 ++++--- >> 1 file changed, 4 insertions(+), 3 deletions(-) >> >> diff --git a/libavcodec/av1_metadata_bsf.c b/libavcodec/av1_metadata_bsf.c >> index 328db5c0da..b1ae364431 100644 >> --- a/libavcodec/av1_metadata_bsf.c >> +++ b/libavcodec/av1_metadata_bsf.c >> @@ -28,6 +28,7 @@ typedef struct AV1MetadataContext { >> CBSBSFContext common; >> >> int td; >> + AV1RawOBU td_obu; >> >> int color_primaries; >> int transfer_characteristics; >> @@ -107,7 +108,7 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt, >> CodedBitstreamFragment *frag) >> { >> AV1MetadataContext *ctx = bsf->priv_data; >> - AV1RawOBU td, *obu; >> + AV1RawOBU *obu; >> int err, i; >> >> for (i = 0; i < frag->nb_units; i++) { 
>> @@ -124,12 +125,12 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt, >> if (ctx->td == BSF_ELEMENT_REMOVE) >> ff_cbs_delete_unit(frag, 0); >> } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) { >> - td = (AV1RawOBU) { >> + ctx->td_obu = (AV1RawOBU) { >> .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER, >> }; > > I think you can move the initialization to init. LGTM anyway. Will do that and apply. Thanks > >> >> err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER, >> - &td, NULL); >> + &ctx->td_obu, NULL); >> if (err < 0) { >> av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n"); >> return err; >> > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
diff --git a/libavcodec/av1_metadata_bsf.c b/libavcodec/av1_metadata_bsf.c
index 328db5c0da..b1ae364431 100644
--- a/libavcodec/av1_metadata_bsf.c
+++ b/libavcodec/av1_metadata_bsf.c
@@ -28,6 +28,7 @@ typedef struct AV1MetadataContext {
 CBSBSFContext common;
 
 int td;
+ AV1RawOBU td_obu;
 
 int color_primaries;
 int transfer_characteristics;
@@ -107,7 +108,7 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
 CodedBitstreamFragment *frag)
 {
 AV1MetadataContext *ctx = bsf->priv_data;
- AV1RawOBU td, *obu;
+ AV1RawOBU *obu;
 int err, i;
 
 for (i = 0; i < frag->nb_units; i++) {
@@ -124,12 +125,12 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
 if (ctx->td == BSF_ELEMENT_REMOVE)
 ff_cbs_delete_unit(frag, 0);
 } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) {
- td = (AV1RawOBU) {
+ ctx->td_obu = (AV1RawOBU) {
 .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER,
 };
 
 err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER,
- &td, NULL);
+ &ctx->td_obu, NULL);
 if (err < 0) {
 av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n");
 return err;
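Review bot: The new `td_obu` member in the first hunk has no comment saying why a whole `AV1RawOBU` is kept in the context, and the reason is not visible from the struct alone: in the third hunk its address is passed to `ff_cbs_insert_unit_content()` with `NULL` as the last argument, which appears to mean the fragment keeps a bare, unreferenced pointer to it. I would add `/* Storage for the inserted TD OBU; the fragment holds an unreferenced pointer to it, so it must not live on the stack. */` above the member, so that a later cleanup does not move it back into `av1_metadata_update_fragment()` and reintroduce the stack-use-after-return named in the commit message. The same lifetime assumption now rests on the context: the fragment has to be written out or reset before `bsf->priv_data` is freed, which the visible hunks do not show and is worth confirming in the caller. Both the struct and the function body continue outside the hunks.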
Fixes: stack-use-after-return Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904 Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624 Signed-off-by: James Almer <jamrial@gmail.com> --- libavcodec/av1_metadata_bsf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)