[FFmpeg-devel] lavf/qsvvpp: avoid the double-free when working in sys memory mode

Submitted by Linjie Fu on April 15, 2019, 1:24 p.m.

Details

Message ID 20190415132406.20464-1-linjie.fu@intel.com
State Accepted
Commit 6895b350c31d8fda5bd9e4285c52de6e391e7ff4
Headers show

Commit Message

Linjie Fu April 15, 2019, 1:24 p.m.
Currently, picref will be freed by calling av_frame_free(&picref) in
submit_frame() in qsvvpp.c when working in system memory mode,and normally it 
is freed in filter_frame() in vf_vpp_qsv.c when working in other modes.

Double free happens when working in system memory mode, remove to
fix the memory issue.

Signed-off-by: Linjie Fu <linjie.fu@intel.com>
---
Can be reproduced by applying the system memory patch and qsvdec+vpp:
    ffmpeg -init_hw_device qsv=hw -filter_hw_device hw -c:v h264_qsv -i input.mp4 \
                                -vf "vpp_qsv=w=960:h=540,format=rgb32" -f null -
 libavfilter/qsvvpp.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Linjie Fu May 29, 2019, 9:07 a.m.
> -----Original Message-----
> From: Fu, Linjie
> Sent: Monday, April 15, 2019 21:24
> To: ffmpeg-devel@ffmpeg.org
> Cc: Fu, Linjie <linjie.fu@intel.com>
> Subject: [PATCH] lavf/qsvvpp: avoid the double-free when working in sys
> memory mode
> 
> Currently, picref will be freed by calling av_frame_free(&picref) in
> submit_frame() in qsvvpp.c when working in system memory mode,and
> normally it
> is freed in filter_frame() in vf_vpp_qsv.c when working in other modes.
> 
> Double free happens when working in system memory mode, remove to
> fix the memory issue.
> 
> Signed-off-by: Linjie Fu <linjie.fu@intel.com>
> ---
> Can be reproduced by applying the system memory patch and qsvdec+vpp:
>     ffmpeg -init_hw_device qsv=hw -filter_hw_device hw -c:v h264_qsv -i
> input.mp4 \
>                                 -vf "vpp_qsv=w=960:h=540,format=rgb32" -f null -
>  libavfilter/qsvvpp.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/libavfilter/qsvvpp.c b/libavfilter/qsvvpp.c
> index 06efdf5089..5cd1d5d345 100644
> --- a/libavfilter/qsvvpp.c
> +++ b/libavfilter/qsvvpp.c
> @@ -316,7 +316,6 @@ static QSVFrame *submit_frame(QSVVPPContext *s,
> AVFilterLink *inlink, AVFrame *p
>              }
> 
>              av_frame_copy_props(qsv_frame->frame, picref);
> -            av_frame_free(&picref);
>          } else
>              qsv_frame->frame = av_frame_clone(picref);
> 
> --
> 2.17.1
Ping?
Zhong Li May 30, 2019, 5:15 a.m.
> From: ffmpeg-devel [mailto:ffmpeg-devel-bounces@ffmpeg.org] On Behalf

> Of Fu, Linjie

> Sent: Wednesday, May 29, 2019 5:08 PM

> To: ffmpeg-devel@ffmpeg.org

> Subject: Re: [FFmpeg-devel] [PATCH] lavf/qsvvpp: avoid the double-free

> when working in sys memory mode

> 

> > -----Original Message-----

> > From: Fu, Linjie

> > Sent: Monday, April 15, 2019 21:24

> > To: ffmpeg-devel@ffmpeg.org

> > Cc: Fu, Linjie <linjie.fu@intel.com>

> > Subject: [PATCH] lavf/qsvvpp: avoid the double-free when working in

> > sys memory mode

> >

> > Currently, picref will be freed by calling av_frame_free(&picref) in

> > submit_frame() in qsvvpp.c when working in system memory mode,and

> > normally it is freed in filter_frame() in vf_vpp_qsv.c when working in

> > other modes.

> >

> > Double free happens when working in system memory mode, remove to fix

> > the memory issue.

> >

> > Signed-off-by: Linjie Fu <linjie.fu@intel.com>

> > ---

> > Can be reproduced by applying the system memory patch and qsvdec+vpp:

> >     ffmpeg -init_hw_device qsv=hw -filter_hw_device hw -c:v h264_qsv

> > -i

> > input.mp4 \

> >                                 -vf

> "vpp_qsv=w=960:h=540,format=rgb32"


Is it possible to reproduce with another command line? It can work with mainline on Linux.

> > -f null -  libavfilter/qsvvpp.c | 1 -

> >  1 file changed, 1 deletion(-)

> >

> > diff --git a/libavfilter/qsvvpp.c b/libavfilter/qsvvpp.c index

> > 06efdf5089..5cd1d5d345 100644

> > --- a/libavfilter/qsvvpp.c

> > +++ b/libavfilter/qsvvpp.c

> > @@ -316,7 +316,6 @@ static QSVFrame *submit_frame(QSVVPPContext

> *s,

> > AVFilterLink *inlink, AVFrame *p

> >              }

> >

> >              av_frame_copy_props(qsv_frame->frame, picref);

> > -            av_frame_free(&picref);

> >          } else

> >              qsv_frame->frame = av_frame_clone(picref);

> >

> > --

> > 2.17.1

> Ping?


Patch LGTM
Linjie Fu May 30, 2019, 6:20 a.m.
> -----Original Message-----

> From: ffmpeg-devel [mailto:ffmpeg-devel-bounces@ffmpeg.org] On Behalf

> Of Li, Zhong

> Sent: Thursday, May 30, 2019 13:15

> To: FFmpeg development discussions and patches <ffmpeg-

> devel@ffmpeg.org>

> Subject: Re: [FFmpeg-devel] [PATCH] lavf/qsvvpp: avoid the double-free

> when working in sys memory mode

> 

> > From: ffmpeg-devel [mailto:ffmpeg-devel-bounces@ffmpeg.org] On

> Behalf

> > Of Fu, Linjie

> > Sent: Wednesday, May 29, 2019 5:08 PM

> > To: ffmpeg-devel@ffmpeg.org

> > Subject: Re: [FFmpeg-devel] [PATCH] lavf/qsvvpp: avoid the double-free

> > when working in sys memory mode

> >

> > > -----Original Message-----

> > > From: Fu, Linjie

> > > Sent: Monday, April 15, 2019 21:24

> > > To: ffmpeg-devel@ffmpeg.org

> > > Cc: Fu, Linjie <linjie.fu@intel.com>

> > > Subject: [PATCH] lavf/qsvvpp: avoid the double-free when working in

> > > sys memory mode

> > >

> > > Currently, picref will be freed by calling av_frame_free(&picref) in

> > > submit_frame() in qsvvpp.c when working in system memory mode,and

> > > normally it is freed in filter_frame() in vf_vpp_qsv.c when working in

> > > other modes.

> > >

> > > Double free happens when working in system memory mode, remove to

> fix

> > > the memory issue.

> > >

> > > Signed-off-by: Linjie Fu <linjie.fu@intel.com>

> > > ---

> > > Can be reproduced by applying the system memory patch and

> qsvdec+vpp:

> > >     ffmpeg -init_hw_device qsv=hw -filter_hw_device hw -c:v h264_qsv

> > > -i

> > > input.mp4 \

> > >                                 -vf

> > "vpp_qsv=w=960:h=540,format=rgb32"

> 

> Is it possible to reproduce with another command line? It can work with

> mainline on Linux.


vpp_qsv with system software path could reproduce this with mainline version:

ffmpeg -init_hw_device qsv=foo -filter_hw_device foo -v debug -f rawvideo -pix_fmt nv12 -s:v 852x480 -i 852x480.nv12 -vf 'vpp_qsv=w=500:h=400' -f rawvideo -pix_fmt nv12 qsv.nv12

This happens when the size of the input stream is not 32 aligned and has more than 1 frames.

> > > -f null -  libavfilter/qsvvpp.c | 1 -

> > >  1 file changed, 1 deletion(-)

> > >

> > > diff --git a/libavfilter/qsvvpp.c b/libavfilter/qsvvpp.c index

> > > 06efdf5089..5cd1d5d345 100644

> > > --- a/libavfilter/qsvvpp.c

> > > +++ b/libavfilter/qsvvpp.c

> > > @@ -316,7 +316,6 @@ static QSVFrame *submit_frame(QSVVPPContext

> > *s,

> > > AVFilterLink *inlink, AVFrame *p

> > >              }

> > >

> > >              av_frame_copy_props(qsv_frame->frame, picref);

> > > -            av_frame_free(&picref);

> > >          } else

> > >              qsv_frame->frame = av_frame_clone(picref);

> > >

> > > --

> > > 2.17.1

> > Ping?

> 

> Patch LGTM

> _______________________________________________

> ffmpeg-devel mailing list

> ffmpeg-devel@ffmpeg.org

> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

> 

> To unsubscribe, visit link above, or email

> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Zhong Li May 30, 2019, 9:10 a.m.
> vpp_qsv with system software path could reproduce this with mainline

> version:

> 

> ffmpeg -init_hw_device qsv=foo -filter_hw_device foo -v debug -f rawvideo

> -pix_fmt nv12 -s:v 852x480 -i 852x480.nv12 -vf 'vpp_qsv=w=500:h=400' -f

> rawvideo -pix_fmt nv12 qsv.nv12

> 

> This happens when the size of the input stream is not 32 aligned and has

> more than 1 frames.


Patch applied.

Patch hide | download patch | download mbox

diff --git a/libavfilter/qsvvpp.c b/libavfilter/qsvvpp.c
index 06efdf5089..5cd1d5d345 100644
--- a/libavfilter/qsvvpp.c
+++ b/libavfilter/qsvvpp.c
@@ -316,7 +316,6 @@  static QSVFrame *submit_frame(QSVVPPContext *s, AVFilterLink *inlink, AVFrame *p
             }
 
             av_frame_copy_props(qsv_frame->frame, picref);
-            av_frame_free(&picref);
         } else
             qsv_frame->frame = av_frame_clone(picref);