From patchwork Sat Jan 16 05:24:34 2021
X-Patchwork-Submitter: Liu Steven
X-Patchwork-Id: 24973
From: Steven Liu
To: ffmpeg-devel@ffmpeg.org
Cc: Steven Liu
Date: Sat, 16 Jan 2021 13:24:34 +0800
Message-Id: <20210116052434.877-1-lq@chinaffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] avcodec/bsf: set pctx to NULL when av_bsf_alloc failed

av_bsf_free will free an invalid pointer when av_bsf_alloc failed, because av_bsf_list_parse_str called av_bsf_get_null_filter, av_bsf_get_null_filter called av_bsf_alloc, and av_bsf_alloc should set a value to *pctx before returning success or failure. Because it does not ever initialize a null pointer, it will free an invalid pointer in av_bsf_free, which is called by ff_decode_bsfs_init.

Found-by: Zu-Ming Jiang
Signed-off-by: Steven Liu
---
 libavcodec/bsf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/bsf.c b/libavcodec/bsf.c index d71bc32584..5bb3349138 100644 --- a/libavcodec/bsf.c +++ b/libavcodec/bsf.c @@ -141,6 +141,7 @@ int av_bsf_alloc(const AVBitStreamFilter *filter, AVBSFContext **pctx) return 0; fail: av_bsf_free(&ctx); + *pctx = NULL; return ret; }
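Review bot: the new `*pctx = NULL;` after `av_bsf_free(&ctx);` only takes effect on exits through the `fail:` label, so any error return in av_bsf_alloc that happens before control can reach that label (none is visible in this hunk) would still leave the caller's pointer unwritten. Assigning `*pctx = NULL` once at function entry would cover every failure path with a single line. Since this changes what callers may assume about the output parameter, the doc comment for av_bsf_alloc should state that `*pctx` is NULL on failure. The caller named in the commit message, ff_decode_bsfs_init, could also initialize its own pointer before the call so that its av_bsf_free on the error path does not depend on the callee's behaviour.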