Message ID | 20191201095626.15871-1-andreas.rheinhardt@gmail.com |
---|---|
State | Accepted |
Commit | 710ab136931ff228b355d87512b0d4ca4e94656a |
LGTM On 12/1/19, Andreas Rheinhardt <andreas.rheinhardt@gmail.com> wrote: > The unsharp filter uses an array of arrays of uint32_t, each of which is > separately allocated. These arrays also need to freed separately; but > before doing so, one needs to check whether the array of arrays has > actually been allocated, otherwise one would dereference a NULL pointer. > This fixes #8408. > > Furthermore, the array of arrays needs to be zero-initialized so that > no uninitialized pointer will be freed in case an allocation of one of > the individual arrays fails. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > libavfilter/vf_unsharp.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/libavfilter/vf_unsharp.c b/libavfilter/vf_unsharp.c > index 95b4968d41..7b430b650d 100644 > --- a/libavfilter/vf_unsharp.c > +++ b/libavfilter/vf_unsharp.c > @@ -218,7 +218,7 @@ static int init_filter_param(AVFilterContext *ctx, > UnsharpFilterParam *fp, const > effect, effect_type, fp->msize_x, fp->msize_y, fp->amount / > 65535.0); > > fp->sr = av_malloc_array((MAX_MATRIX_SIZE - 1) * s->nb_threads, > sizeof(uint32_t)); > - fp->sc = av_malloc_array(2 * fp->steps_y * s->nb_threads, > sizeof(uint32_t **)); > + fp->sc = av_mallocz_array(2 * fp->steps_y * s->nb_threads, > sizeof(uint32_t *)); > if (!fp->sr || !fp->sc) > return AVERROR(ENOMEM); 
> > @@ -258,9 +258,11 @@ static void free_filter_param(UnsharpFilterParam *fp, > int nb_threads) > { > int z; > > - for (z = 0; z < 2 * fp->steps_y * nb_threads; z++) > - av_freep(&fp->sc[z]); > - av_freep(&fp->sc); > + if (fp->sc) { > + for (z = 0; z < 2 * fp->steps_y * nb_threads; z++) > + av_freep(&fp->sc[z]); > + av_freep(&fp->sc); > + } > av_freep(&fp->sr); > } > > -- > 2.20.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On Sun, Dec 01, 2019 at 11:04:36AM +0100, Paul B Mahol wrote:
> LGTM
will apply
thx
[...]
diff --git a/libavfilter/vf_unsharp.c b/libavfilter/vf_unsharp.c index 95b4968d41..7b430b650d 100644 --- a/libavfilter/vf_unsharp.c +++ b/libavfilter/vf_unsharp.c @@ -218,7 +218,7 @@ static int init_filter_param(AVFilterContext *ctx, UnsharpFilterParam *fp, const effect, effect_type, fp->msize_x, fp->msize_y, fp->amount / 65535.0); fp->sr = av_malloc_array((MAX_MATRIX_SIZE - 1) * s->nb_threads, sizeof(uint32_t)); - fp->sc = av_malloc_array(2 * fp->steps_y * s->nb_threads, sizeof(uint32_t **)); + fp->sc = av_mallocz_array(2 * fp->steps_y * s->nb_threads, sizeof(uint32_t *)); if (!fp->sr || !fp->sc) return AVERROR(ENOMEM); @@ -258,9 +258,11 @@ static void free_filter_param(UnsharpFilterParam *fp, int nb_threads) { int z; - for (z = 0; z < 2 * fp->steps_y * nb_threads; z++) - av_freep(&fp->sc[z]); - av_freep(&fp->sc); + if (fp->sc) { + for (z = 0; z < 2 * fp->steps_y * nb_threads; z++) + av_freep(&fp->sc[z]); + av_freep(&fp->sc); + } av_freep(&fp->sr); }
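Review bot: In the init_filter_param hunk, the fp->sc allocation also changes the element size from sizeof(uint32_t **) to sizeof(uint32_t *), which the commit message does not mention. Writing it as sizeof(*fp->sc) would keep the element size tied to the pointer's declared type, and one line in the commit message would make the correction visible in the history. Also, when only one of fp->sr and fp->sc is allocated, the check that follows returns AVERROR(ENOMEM) without freeing the other, so this path depends on free_filter_param being run afterwards; a short comment stating that would help the next reader.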
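Review bot: In the free_filter_param hunk, the loop bound 2 * fp->steps_y * nb_threads is recomputed at free time, and nothing in the visible lines ties it to the element count passed to av_mallocz_array in init_filter_param. Storing that count in UnsharpFilterParam when the array is allocated and looping over it here would remove the dependency on fp->steps_y and nb_threads being unchanged between the two calls. A one-line comment on the if (fp->sc) guard would also help: it is needed because fp->sc[z] indexes the array, while the av_freep(&fp->sr) call below it is left unguarded.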
The unsharp filter uses an array of arrays of uint32_t, each of which is separately allocated. These arrays also need to be freed separately; but before doing so, one needs to check whether the array of arrays has actually been allocated, otherwise one would dereference a NULL pointer. This fixes #8408.

Furthermore, the array of arrays needs to be zero-initialized so that no uninitialized pointer will be freed in case an allocation of one of the individual arrays fails.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
libavfilter/vf_unsharp.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)