From patchwork Thu Sep 19 15:42:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Moritz Barsnick X-Patchwork-Id: 15151 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id CF454449E18 for ; Thu, 19 Sep 2019 18:42:48 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id AF048689987; Thu, 19 Sep 2019 18:42:48 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C61E76891E5 for ; Thu, 19 Sep 2019 18:42:41 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1568907761; bh=t0g7lT2u0lrxcYKM98TWDcnDcMTi5OL9MpJM24jkDbo=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References; b=VZOolm3Yn86xjgNcIRgmwQJb4RfxZY+56MQZBcZc1CmXnHe7VwdAuxAi8fdR0dgcU Z11heAuIt8+TVnO5Sls/sknXcWZVRpvsvqoYzRTbyzr9BTImXCS11yr3JnEaq+yF/O qAWvKKo4yoFoR5rC6aYg+Tha+CeMt5fO9yrRLnEA= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from paradise.fritz.box ([89.182.224.9]) by mail.gmx.com (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1N8GMk-1i6UPB0LuC-014E1B; Thu, 19 Sep 2019 17:42:41 +0200 From: Moritz Barsnick To: FFmpeg development discussions and patches Date: Thu, 19 Sep 2019 17:42:30 +0200 Message-Id: <20190919154230.19017-1-barsnick@gmx.net> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20180627082151.9794-1-barsnick@gmx.net> References: <20180627082151.9794-1-barsnick@gmx.net> MIME-Version: 1.0 X-Provags-ID: V03:K1:PUOnMx6GIhFgn/oKHqAtJe8bpeg5PTZO21xcJfzY679Pgf+rZn6 fC8nwBkg+IBKUu3NWYG4MEI+ctI+DA77sbMgHmk9hOQYJ9HpHlOGDcCYnx3XPh9CxrHcpQe 6X1Vw+nUkmHeEt4xX3RCTAFgR6aGbkeSSsmGpO+1wOYepwXVfXxaNB7b2mdft0WII89zhfJ FAkFuHQXzQ3qhbYKYi69Q== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:clkF9g5H29c=:RF15fIKbUDijoZFPbQSHN4 u53mUcnn9vp+3ZD3jyhHA1ml6phWZv9HZ0hwqxHPgxpzhp+4NDlv9EevjS/rvjJaAmyGjtzGi k2jE/7/8QRaRiffnH8CfX71bIHYDZMyarTEBntNCprORJlMuZTR7BQKEaalo0+Z5bFuSnhPIH tnOaQiL0wMCENeLUIlz8iqWO5/SxNRtbImqztueOovxgdfbJIlxLiYCJV9AnDY60maAwWDjCf G8l1LmYubygIrRU1UapVenFDjmRWcoKM2hyBALnoMU1m2il3iDA3yGWnQTW7+gO4P3+CSXUGN YDwC9fjE7yqYycRxNtY5tBmTwMFMiZBSJlz2sd3QvgHU1+Xsv3Av2dOmHoPYNhY/LumjnKKrh M8BCMt0e3zuhlVWIvdlYRR36MaFSLO5uJIPZfzbp113iJa58j3YGaSNZlJVOK7GtCtqc7cLxL EuiLhxkpbSiQlFvWpknK8qyfvA2FB025mULIU0h8g9R5sgNE/4hfCFWXpsT5tWgxeUQm3H7Fi /oVUjKDOPr1a5TovMjoIZFWMR9LZniwOTualopI0raDtNR6N+dc6lutl9z26yGbIwqjjlBQIL rQJmq/gLvDO4I2+OpDkM/p2ltqhViyEAw5pugmFxzDoUi8S1lZbBw/9kf+R9vRkp5kKe6YDOS v/XuDWao0Ch73HnsZviszc/PPYrEQG1LLRlkHPMDYT81VEN8TSc3mAu4Ak3e+TwtvpX8liEaG zOHVB9Cfpxr5onB4VuBZF5l6m8Jzn5aoDtkp5G6/YnqxS23cIC8d9V/nEvVais/4Jsu2MUwjN VbeXY89wlyQC7uUIOdSMSP0/9qdzoJ1o7NOq7ZzZ1l/kTlAP3wy0XK12+HNJOGPjjCzTbG56C Yzr+ift3+1Lx2RTlnpcyHJwidzQqysXFwUnTyE5Y44FnH8DwRZyy/jjCOCNv5BdGlXYN+Lw7X 2Ifo5QuiN91mu5TJ/ZJ+DFNpCcop0346Ub6RGXHl3NHfG+DBYh5Od5TJRhJa39qFnDpehNXpc QpKBLkjUjjt8xpT1hkzLKGQWwumY7Al6Ow1plF0yxhJYcrjYJAiukVM3+MGO/gUnpjUHDEvxW TbFmulVrL+EpJoEr6KSwTEzWq4L+tJKADYovy+kbvFtn94A5wAcuaAgdMKE3QpeFUTq6shomc tPRAwuri6ZDXz+GUiLXmUvZMQhzIhUDkmvHdykJDCD+7LcSkdpK/FDkUeFtDLiFyG2ZuhEy5u Lt3eHyZ+n+E70cEqYlGTmDtOyCkx1DwgU7sSIgaNF7DN1XZ++UkRn6PN8OWU= Subject: [FFmpeg-devel] [PATCH v3] avdevice/xcbgrab: check return values of xcb query functions X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Moritz Barsnick Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" xcb_query_pointer_reply() and xcb_get_geometry_reply() can return NULL if e.g. the X server closes or the connection is lost. This needs to be checked in order to cleanly exit, because the returned pointers are dereferenced later. Furthermore, their return values need to be free()d, also in error code paths. Signed-off-by: Moritz Barsnick --- To reproduce: Terminal 1: $ Xvfb :1 -nolisten tcp -screen 0 800x600x24 Terminal 2: $ ffmpeg -f x11grab -i :1 -f null - or rather $ gdb -ex r --args ffmpeg_g -f x11grab -i :1 -f null - Then terminate Xvfb while ffmpeg is running. libavdevice/xcbgrab.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) -- 2.20.1 diff --git a/libavdevice/xcbgrab.c b/libavdevice/xcbgrab.c index b7e689343e..3fb3c56285 100644 --- a/libavdevice/xcbgrab.c +++ b/libavdevice/xcbgrab.c @@ -326,8 +326,10 @@ static void xcbgrab_draw_mouse(AVFormatContext *s, AVPacket *pkt, return; cursor = xcb_xfixes_get_cursor_image_cursor_image(ci); - if (!cursor) + if (!cursor) { + free(ci); return; + } cx = ci->x - ci->xhot; cy = ci->y - ci->yhot; @@ -404,7 +406,16 @@ static int xcbgrab_read_packet(AVFormatContext *s, AVPacket *pkt) pc = xcb_query_pointer(c->conn, c->screen->root); gc = xcb_get_geometry(c->conn, c->screen->root); p = xcb_query_pointer_reply(c->conn, pc, NULL); + if (!p) { + av_log(c, AV_LOG_ERROR, "Failed to query xcb pointer\n"); + return AVERROR(EIO); + } geo = xcb_get_geometry_reply(c->conn, gc, NULL); + if (!geo) { + av_log(c, AV_LOG_ERROR, "Failed get xcb geometry\n"); + free(p); + return AVERROR(EIO); + } } if (c->follow_mouse && p->same_screen) @@ -537,6 +548,10 @@ static int create_stream(AVFormatContext *s) gc = xcb_get_geometry(c->conn, c->screen->root); geo = xcb_get_geometry_reply(c->conn, gc, NULL); + if (!geo) { + av_log(c, AV_LOG_ERROR, "Failed to get xcb geometry\n"); + return AVERROR(EIO); + } if (c->x + c->width > geo->width || c->y + c->height > geo->height) {