From patchwork Mon Sep 14 05:27:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 22369 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 9F7E044A762 for ; Mon, 14 Sep 2020 08:36:40 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 910E068BC72; Mon, 14 Sep 2020 08:36:40 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-lf1-f67.google.com (mail-lf1-f67.google.com [209.85.167.67]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6E38E68BC67 for ; Mon, 14 Sep 2020 08:36:39 +0300 (EEST) Received: by mail-lf1-f67.google.com with SMTP id z17so11972410lfi.12 for ; Sun, 13 Sep 2020 22:36:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=CLhABYhhOqdbbXlxofDfpmXpB7Lt7i0x8DI7tq8+8is=; b=LDHxJNI7dgUUTeVFGKwfl6J4OAuDLUCjPlk2EjLMHKBS5mib1Eu909eJiw2EoN0sh0 FqiXC5Ly+vp5JcHD/LUeXRNvFHKKT5iVyfNI/qehZM8iy9dh/eHxW58yJ3oOBh3B5jGm nlpDrg33c0H0rz1yZQDGaaHa8UgWbEObPqD1ipdLKQqjfRa/Q7zrP4jIQ45X+7F73fiE seIo/PsjAW1LM3aNs3+eVKTLVMIH8ejedRfp48DHbEC5+sEcZALMAWQdVQLBFb2fcANp 5RJkYl+HoETxqs9nOswypvkinPIAQKp+C+wamJHuNyhJt6S/A62dOttRQ3Re9pWmlctN Bn3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=CLhABYhhOqdbbXlxofDfpmXpB7Lt7i0x8DI7tq8+8is=; b=LHrnSUGweBKR+WVevPSXWRvtDtA2NYtcjqirtlLNLBXbCS7jENeWcj/PmQvfU/3e9+ /JKhZm7fkQvp2M1NrE8H/X0qgghuBxjLM9YftMR6auBFuOM3i0tkkuUSmVAPIZD7s7vi rYlN14mDZNAckVy3fp+QYsNA8o/jMntWTNphJSqfGCv8TWc+2iuCLN1v5gOcMUfghsPg Pinkc6SioAW/x/hIDg8gRrh7GKQGHhBDdr8rZLeo0weYqxbqxiAXAxHnu4IRLX1a3aQF brJ3nL1ZYXEpCO/GmkSb4BfgmOwGv8FiAHtqAy7mgxASPScLCR6U1jJqmFEBIruJ+Yh7 Oghw== X-Gm-Message-State: AOAM532SFZQoGLMhLSDGOL41L9H6CXvmg6y+oAwL/QfoLq3B9ROORluA 9/ZT6LEuaa50Z/0evvyzozq73GCfHZs= X-Google-Smtp-Source: ABdhPJwvC0Oas8aBxth7Gl7vA6ZjNHR7dgB3ZZI8OIbBBOzYdOFERg284S1bzOYUMLAHGzfIMkhTJg== X-Received: by 2002:a05:6402:10c6:: with SMTP id p6mr15567138edu.76.1600061302578; Sun, 13 Sep 2020 22:28:22 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1fb0f.dynamic.kabel-deutschland.de. [188.193.251.15]) by smtp.gmail.com with ESMTPSA id f4sm8251421edm.76.2020.09.13.22.28.21 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Sep 2020 22:28:22 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Mon, 14 Sep 2020 07:27:31 +0200 Message-Id: <20200914052747.124118-8-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200913025753.274772-1-andreas.rheinhardt@gmail.com> References: <20200913025753.274772-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 24/40] avcodec/av1dec: Fix segfault upon allocation error X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The decoder's close function simply presumed that some AVFrames have been successfully allocated although this can of course fail. Signed-off-by: Andreas Rheinhardt --- Once could btw return immediately as soon as one encounters an AVFrame that is NULL, because these frames are the first things to be allocated in init (and in the same order as they are freed); yet I wanted to avoid this additional dependency. libavcodec/av1dec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c index bd8acdaafe..4b89bd83a0 100644 --- a/libavcodec/av1dec.c +++ b/libavcodec/av1dec.c @@ -388,11 +388,11 @@ static av_cold int av1_decode_free(AVCodecContext *avctx) AV1DecContext *s = avctx->priv_data; for (int i = 0; i < FF_ARRAY_ELEMS(s->ref); i++) { - if (s->ref[i].tf.f->buf[0]) + if (s->ref[i].tf.f && s->ref[i].tf.f->buf[0]) av1_frame_unref(avctx, &s->ref[i]); av_frame_free(&s->ref[i].tf.f); } - if (s->cur_frame.tf.f->buf[0]) + if (s->cur_frame.tf.f && s->cur_frame.tf.f->buf[0]) av1_frame_unref(avctx, &s->cur_frame); av_frame_free(&s->cur_frame.tf.f);