@@ -1067,10 +1067,12 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
} else if (block_buffer != nil) {
length = (int)CMBlockBufferGetDataLength(block_buffer);
} else {
+ unlock_frames(ctx);
return AVERROR(EINVAL);
}
if (av_new_packet(pkt, length) < 0) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
@@ -1097,21 +1099,26 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
CFRelease(ctx->current_frame);
ctx->current_frame = nil;
- if (status < 0)
+ if (status < 0) {
+ unlock_frames(ctx);
return status;
+ }
} else if (ctx->current_audio_frame != nil) {
CMBlockBufferRef block_buffer = CMSampleBufferGetDataBuffer(ctx->current_audio_frame);
int block_buffer_size = CMBlockBufferGetDataLength(block_buffer);
if (!block_buffer || !block_buffer_size) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
if (ctx->audio_non_interleaved && block_buffer_size > ctx->audio_buffer_size) {
+ unlock_frames(ctx);
return AVERROR_BUFFER_TOO_SMALL;
}
if (av_new_packet(pkt, block_buffer_size) < 0) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
@@ -1131,6 +1138,7 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
OSStatus ret = CMBlockBufferCopyDataBytes(block_buffer, 0, pkt->size, ctx->audio_buffer);
if (ret != kCMBlockBufferNoErr) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
@@ -1142,7 +1150,11 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
int##bps##_t **src; \
int##bps##_t *dest; \
src = av_malloc(ctx->audio_channels * sizeof(int##bps##_t*)); \
- if (!src) return AVERROR(EIO); \
+ if (!src) { \
+ unlock_frames(ctx); \
+ return AVERROR(EIO); \
+ } \
+ \
for (c = 0; c < ctx->audio_channels; c++) { \
src[c] = ((int##bps##_t*)ctx->audio_buffer) + c * num_samples; \
} \
@@ -1162,6 +1174,7 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
} else {
OSStatus ret = CMBlockBufferCopyDataBytes(block_buffer, 0, pkt->size, pkt->data);
if (ret != kCMBlockBufferNoErr) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
}
The problem here is that the lock ctx->frame_lock will become an unreleased lock if the program returns at patched lines. Depends-on: series-0001 Cc: cyeaa@connect.ust.hk Bug tracker link: https://trac.ffmpeg.org/ticket/9386\#ticket Signed-off-by: Chengfeng Ye <cyeaa@connect.ust.hk> --- libavdevice/avfoundation.m | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-)