[FFmpeg-devel] lavc/frame_thread_encoder: Do not memcpy() from NULL

Submitted by Carl Eugen Hoyos on July 2, 2019, 9:44 a.m.

Details

Message ID CAB0OVGr6shUNbeWPuC+q9tyiZ1sHNtBh6x2g5cQmWS80Bm=Zwg@mail.gmail.com
State Accepted

Commit Message

Carl Eugen Hoyos July 2, 2019, 9:44 a.m.
On Tue, 2 July 2019 at 08:31, Reimar Döffinger
<Reimar.Doeffinger@gmx.de> wrote:
>
> On 01.07.2019, at 00:51, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote:

> > I believe attached patch fixes undefined behaviour and ticket #7981.
>
> Same here, I think it makes more sense to check the "size" instead of the pointer.

True, new patch attached.

> But I also suspect we might want to think of a way to not need all these explicit checks all over.

There are some places, but not so many afair.

Carl Eugen

Comments

Mark Thompson July 7, 2019, 11:59 a.m.
On 02/07/2019 10:44, Carl Eugen Hoyos wrote:
> On Tue, 2 July 2019 at 08:31, Reimar Döffinger
> <Reimar.Doeffinger@gmx.de> wrote:
>>
>> On 01.07.2019, at 00:51, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote:
> 
>>> I believe attached patch fixes undefined behaviour and ticket #7981.
>>
>> Same here, I think it makes more sense to check the "size" instead of the pointer.
> 
> True, new patch attached.
> 
>> But I also suspect we might want to think of a way to not need all these explicit checks all over.
> 
> There are some places, but not so many afair.
> 
> Carl Eugen
> 
> 
> From 263adbc580ecbc67edbdc6d0f89e91a484bd520f Mon Sep 17 00:00:00 2001
> From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
> Date: Tue, 2 Jul 2019 11:42:32 +0200
> Subject: [PATCH] lavc/frame_thread_encoder: Do not memcpy() from NULL.
> 
> Fixes ticket #7981.
> ---
>  libavcodec/frame_thread_encoder.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/frame_thread_encoder.c b/libavcodec/frame_thread_encoder.c
> index 55756c4c54..949bc69f81 100644
> --- a/libavcodec/frame_thread_encoder.c
> +++ b/libavcodec/frame_thread_encoder.c
> @@ -209,8 +209,9 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
>              int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data);
>              if (ret < 0)
>                  goto fail;
> -        } else
> +        } else if (avctx->codec->priv_data_size) {
>              memcpy(thread_avctx->priv_data, avctx->priv_data, avctx->codec->priv_data_size);
> +        }
>          thread_avctx->thread_count = 1;
>          thread_avctx->active_thread_type &= ~FF_THREAD_FRAME;
>  
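Review bot: The new "else if (avctx->codec->priv_data_size)" branch carries no comment saying why a zero size has to skip the copy, so a later cleanup could fold it back into a plain "else". A one-line comment above the memcpy() noting that priv_data can be NULL when priv_data_size is 0, and that memcpy() must not be handed a NULL pointer even for a zero length, would keep the guard in place.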
> -- 
> 2.22.0
> 

This is a good idea anyway regardless of the outcome of the av_memcpy() discussion.  LGTM.

Thanks,

- Mark

Carl Eugen Hoyos Aug. 10, 2019, 10:04 p.m.
On Sun, 7 July 2019 at 14:04, Mark Thompson <sw@jkqxz.net> wrote:
>
> On 02/07/2019 10:44, Carl Eugen Hoyos wrote:
> > On Tue, 2 July 2019 at 08:31, Reimar Döffinger
> > <Reimar.Doeffinger@gmx.de> wrote:
> >>
> >> On 01.07.2019, at 00:51, Carl Eugen Hoyos <ceffmpeg@gmail.com> wrote:
> >
> >>> I believe attached patch fixes undefined behaviour and ticket #7981.
> >>
> >> Same here, I think it makes more sense to check the "size" instead of the pointer.
> >
> > True, new patch attached.
> >
> >> But I also suspect we might want to think of a way to not need all these explicit checks all over.
> >
> > There are some places, but not so many afair.
> >
> > Carl Eugen
> >
> >
> > From 263adbc580ecbc67edbdc6d0f89e91a484bd520f Mon Sep 17 00:00:00 2001
> > From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
> > Date: Tue, 2 Jul 2019 11:42:32 +0200
> > Subject: [PATCH] lavc/frame_thread_encoder: Do not memcpy() from NULL.
> >
> > Fixes ticket #7981.
> > ---
> >  libavcodec/frame_thread_encoder.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/frame_thread_encoder.c b/libavcodec/frame_thread_encoder.c
> > index 55756c4c54..949bc69f81 100644
> > --- a/libavcodec/frame_thread_encoder.c
> > +++ b/libavcodec/frame_thread_encoder.c
> > @@ -209,8 +209,9 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
> >              int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data);
> >              if (ret < 0)
> >                  goto fail;
> > -        } else
> > +        } else if (avctx->codec->priv_data_size) {
> >              memcpy(thread_avctx->priv_data, avctx->priv_data, avctx->codec->priv_data_size);
> > +        }
> >          thread_avctx->thread_count = 1;
> >          thread_avctx->active_thread_type &= ~FF_THREAD_FRAME;
> >
> > --
> > 2.22.0
> >
>
> This is a good idea anyway regardless of the outcome of the av_memcpy() discussion.  LGTM.

Patch applied.

Thank you, Carl Eugen
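
The size check discussed in this thread, as an added C example that is not FFmpeg code and not part of the original messages. struct codec, struct ctx, copy_bytes_checked() and clone_priv_data() are hypothetical names modelling a context whose private data may be absent; the example goes slightly beyond the patch by also rejecting a nonzero size paired with a NULL pointer.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins: only the fields involved in the copy are modelled. */
struct codec { size_t priv_data_size; };
struct ctx   { const struct codec *codec; void *priv_data; };

/* Never hand memcpy() a NULL pointer: the C standard requires valid
 * pointers even when n is 0. Returns 0 on success, -1 on a broken invariant. */
static int copy_bytes_checked(void *dst, const void *src, size_t n)
{
    if (n == 0)
        return 0;               /* nothing to copy, pointers may be NULL */
    if (!dst || !src)
        return -1;              /* nonzero size but no buffer */
    memcpy(dst, src, n);
    return 0;
}

/* Clone the private data of src into dst, as a per-thread context would. */
static int clone_priv_data(struct ctx *dst, const struct ctx *src)
{
    size_t n = src->codec->priv_data_size;

    dst->codec = src->codec;
    dst->priv_data = n ? malloc(n) : NULL;
    if (n && !dst->priv_data)
        return -1;              /* allocation failed */
    if (copy_bytes_checked(dst->priv_data, src->priv_data, n) < 0) {
        free(dst->priv_data);
        dst->priv_data = NULL;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: a codec with no private data at all. */
    struct codec none = { 0 };
    struct ctx a = { &none, NULL }, b;
    int ret = clone_priv_data(&b, &a);
    free(b.priv_data);
    return ret ? 1 : 0;
}
```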

Patch

From 263adbc580ecbc67edbdc6d0f89e91a484bd520f Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Date: Tue, 2 Jul 2019 11:42:32 +0200
Subject: [PATCH] lavc/frame_thread_encoder: Do not memcpy() from NULL.

Fixes ticket #7981.
---
 libavcodec/frame_thread_encoder.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/frame_thread_encoder.c b/libavcodec/frame_thread_encoder.c
index 55756c4c54..949bc69f81 100644
--- a/libavcodec/frame_thread_encoder.c
+++ b/libavcodec/frame_thread_encoder.c
@@ -209,8 +209,9 @@  int ff_frame_thread_encoder_init(AVCodecContext *avctx, AVDictionary *options){
             int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data);
             if (ret < 0)
                 goto fail;
-        } else
+        } else if (avctx->codec->priv_data_size) {
             memcpy(thread_avctx->priv_data, avctx->priv_data, avctx->codec->priv_data_size);
+        }
         thread_avctx->thread_count = 1;
         thread_avctx->active_thread_type &= ~FF_THREAD_FRAME;
 
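Review bot: The guard on the changed else-branch tests only avctx->codec->priv_data_size, while the memcpy() it protects still uses both thread_avctx->priv_data and avctx->priv_data with no check visible in this hunk. If a nonzero priv_data_size is meant to guarantee that both pointers are valid, state that invariant here, for example with an assertion on the two pointers before the copy, so a codec that breaks it fails loudly instead of reaching memcpy() with NULL.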
-- 
2.22.0