Message ID | 20190925203858.27870-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | 0f89a2293ea5f642a67700225d76948ed154418e |
Headers | show |
bettter add init cleanup? On 9/25/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > Fixes: memleak > Fixes: > 17615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5681306024804352 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/wmaprodec.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c > index d0fa974c80..5ff26e907d 100644 > --- a/libavcodec/wmaprodec.c > +++ b/libavcodec/wmaprodec.c > @@ -1793,6 +1793,12 @@ static int xma_decode_packet(AVCodecContext *avctx, > void *data, > AVFrame *frame = data; > int i, ret, offset = INT_MAX; > > + if (!s->frames[s->current_stream]->data[0]) { > + s->frames[s->current_stream]->nb_samples = 512; > + if ((ret = ff_get_buffer(avctx, s->frames[s->current_stream], 0)) < > 0) { > + return ret; > + } > + } > /* decode current stream packet */ > ret = decode_packet(avctx, &s->xma[s->current_stream], > s->frames[s->current_stream], > &got_stream_frame_ptr, avpkt); > @@ -1915,10 +1921,6 @@ static av_cold int xma_decode_init(AVCodecContext > *avctx) > s->frames[i] = av_frame_alloc(); > if (!s->frames[i]) > return AVERROR(ENOMEM); > - s->frames[i]->nb_samples = 512; > - if ((ret = ff_get_buffer(avctx, s->frames[i], 0)) < 0) { > - return AVERROR(ENOMEM); > - } > > s->start_channel[i] = start_channels; > start_channels += s->xma[i].nb_channels; > -- > 2.23.0 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Thu, Sep 26, 2019 at 09:50:15AM +0200, Paul B Mahol wrote:
> bettter add init cleanup?
Thats not the problem, init does not fail with the testcase
also the cleanup is called for every case init is called
The problem is that ff_get_buffer() during init is not fully supported
Also API says "This callback is called at the beginning of each frame to get data"
so i think the change done by the patch is correct
We could fix the code to make ff_get_buffer() during init work but
i couldnt find another decoder that does this so it seems thats
not worth it
Thanks
[...]
ok On 11/9/19, Michael Niedermayer <michael@niedermayer.cc> wrote: > On Thu, Sep 26, 2019 at 09:50:15AM +0200, Paul B Mahol wrote: >> bettter add init cleanup? > > Thats not the problem, init does not fail with the testcase > also the cleanup is called for every case init is called > > The problem is that ff_get_buffer() during init is not fully supported > > Also API says "This callback is called at the beginning of each frame to get > data" > so i think the change done by the patch is correct > > We could fix the code to make ff_get_buffer() during init work but > i couldnt find another decoder that does this so it seems thats > not worth it > > Thanks > > [...] > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > Those who are too smart to engage in politics are punished by being > governed by those who are dumber. -- Plato >
On Sat, Nov 09, 2019 at 04:11:13PM +0100, Paul B Mahol wrote:
> ok
will apply
thanks
[...]
diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c index d0fa974c80..5ff26e907d 100644 --- a/libavcodec/wmaprodec.c +++ b/libavcodec/wmaprodec.c @@ -1793,6 +1793,12 @@ static int xma_decode_packet(AVCodecContext *avctx, void *data, AVFrame *frame = data; int i, ret, offset = INT_MAX; + if (!s->frames[s->current_stream]->data[0]) { + s->frames[s->current_stream]->nb_samples = 512; + if ((ret = ff_get_buffer(avctx, s->frames[s->current_stream], 0)) < 0) { + return ret; + } + } /* decode current stream packet */ ret = decode_packet(avctx, &s->xma[s->current_stream], s->frames[s->current_stream], &got_stream_frame_ptr, avpkt); @@ -1915,10 +1921,6 @@ static av_cold int xma_decode_init(AVCodecContext *avctx) s->frames[i] = av_frame_alloc(); if (!s->frames[i]) return AVERROR(ENOMEM); - s->frames[i]->nb_samples = 512; - if ((ret = ff_get_buffer(avctx, s->frames[i], 0)) < 0) { - return AVERROR(ENOMEM); - } s->start_channel[i] = start_channels; start_channels += s->xma[i].nb_channels;
Fixes: memleak Fixes: 17615/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_XMA2_fuzzer-5681306024804352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/wmaprodec.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-)