| Message ID | 20200914052747.124118-21-andreas.rheinhardt@gmail.com |
|---|---|
| State | Accepted |
| Commit | a0750f412ade5a969b1f90e038d707d531c97342 |
| Headers | show |
| Series | [FFmpeg-devel,01/16] avcodec/snowdec: Use ff_snow_common_init() directly | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/make | success | Make finished |
| andriy/make_fate | success | Make fate finished |
On Mon, Sep 14, 2020 at 07:27:44AM +0200, Andreas Rheinhardt wrote: > When allocating FFV1 slice contexts fails, ff_ffv1_init_slice_contexts() > frees everything that it has allocated, yet it does not reset the > counter for the number of allocated slice contexts. This inconsistent > state leads to segfaults lateron in ff_ffv1_close(), because said > function presumes that the slice contexts have been allocated. > Fix this by making sure that the number of slice contexts on error is > consistent (namely zero). > > (This issue only affected the FFV1 decoder, because the encoder does not > clean up after itself on init failure.) > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > libavcodec/ffv1.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) LGTM thx
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 93cec14244..5b52849400 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c @@ -115,12 +115,11 @@ av_cold int ff_ffv1_init_slices_state(FFV1Context *f) av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f) { - int i; + int i, max_slice_count = f->num_h_slices * f->num_v_slices; - f->max_slice_count = f->num_h_slices * f->num_v_slices; - av_assert0(f->max_slice_count > 0); + av_assert0(max_slice_count > 0); - for (i = 0; i < f->max_slice_count; i++) { + for (i = 0; i < max_slice_count; i++) { int sx = i % f->num_h_slices; int sy = i / f->num_h_slices; int sxs = f->avctx->width * sx / f->num_h_slices; @@ -152,6 +151,7 @@ av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f) goto memfail; } } + f->max_slice_count = max_slice_count; return 0; memfail:
When allocating FFV1 slice contexts fails, ff_ffv1_init_slice_contexts() frees everything that it has allocated, yet it does not reset the counter for the number of allocated slice contexts. This inconsistent state leads to segfaults lateron in ff_ffv1_close(), because said function presumes that the slice contexts have been allocated. Fix this by making sure that the number of slice contexts on error is consistent (namely zero). (This issue only affected the FFV1 decoder, because the encoder does not clean up after itself on init failure.) Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavcodec/ffv1.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)