From patchwork Mon Sep 14 05:27:44 2020
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 22353
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Mon, 14 Sep 2020 07:27:44 +0200
Message-Id: <20200914052747.124118-21-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200913025753.274772-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 37/40] avcodec/ffv1: Fix segfaults on allocation error

When allocating FFV1 slice contexts fails, ff_ffv1_init_slice_contexts() frees everything that it has allocated, yet it does not reset the counter for the number of allocated slice contexts. This inconsistent state leads to segfaults later on in ff_ffv1_close(), because said function presumes that the slice contexts have been allocated. Fix this by making sure that the number of slice contexts on error is consistent (namely zero).

(This issue only affected the FFV1 decoder, because the encoder does not clean up after itself on init failure.)

Signed-off-by: Andreas Rheinhardt
--- libavcodec/ffv1.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c index 93cec14244..5b52849400 100644 --- a/libavcodec/ffv1.c +++ b/libavcodec/ffv1.c 
@@ -115,12 +115,11 @@ av_cold int ff_ffv1_init_slices_state(FFV1Context *f) av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f) { - int i; + int i, max_slice_count = f->num_h_slices * f->num_v_slices; - f->max_slice_count = f->num_h_slices * f->num_v_slices; - av_assert0(f->max_slice_count > 0); + av_assert0(max_slice_count > 0); - for (i = 0; i < f->max_slice_count; i++) { + for (i = 0; i < max_slice_count; i++) { int sx = i % f->num_h_slices; int sy = i / f->num_h_slices; int sxs = f->avctx->width * sx / f->num_h_slices; @@ -152,6 +151,7 @@ av_cold int ff_ffv1_init_slice_contexts(FFV1Context *f) goto memfail; } } + f->max_slice_count = max_slice_count; return 0; memfail:
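Review bot: In the first hunk, the new local in `int i, max_slice_count = f->num_h_slices * f->num_v_slices;` carries the same name as the field f->max_slice_count, and nothing in the function says that the field is deliberately left unwritten until every allocation in the loop has succeeded. A one-line comment at the declaration, or a distinct local name, would keep a later cleanup from folding the local back into the field and restoring the inconsistent count that ff_ffv1_close() trips over.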
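Review bot: In the second hunk, the count ends up zero on the memfail path only if f->max_slice_count was already zero when the function was entered; the added `f->max_slice_count = max_slice_count;` before `return 0;` covers the success case, but no visible line clears the field on failure. The lines after `memfail:` are cut off here, so if it is not already done there, an explicit `f->max_slice_count = 0;` under that label would make the state the commit message promises hold regardless of what the caller left in the context.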