From patchwork Wed Feb 10 17:52:14 2021
X-Patchwork-Submitter: James Almer
X-Patchwork-Id: 25552
From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 10 Feb 2021 14:52:14 -0300
Message-Id: <20210210175214.8217-1-jamrial@gmail.com>
Subject: [FFmpeg-devel] [PATCH] avcodec/hevcdec: check that the local context list exists before dereferencing it

Since the decoder is not flagged as init cleanup capable, hevc_decode_free() is being called manually if the hevc_decode_extradata() call fails at the end of hevc_decode_init(). In a frame threading scenario, however, if AVCodec->init() returns an error, ff_frame_thread_free() will be called regardless of the above flag being set or not, resulting in hevc_decode_free() being called a second time for the same context. Solve this by ensuring pointers are not dereferenced if they are NULL, and setting the decoder as init cleanup capable. Fixes ticket #9099.
Signed-off-by: James Almer --- Maybe ff_frame_thread_free() should not call AVCodec->close() for thread contexts where AVCodec->init() failed and FF_CODEC_CAP_INIT_CLEANUP is not set? libavcodec/hevcdec.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c index 92eb888033..898dac8cbb 100644 --- a/libavcodec/hevcdec.c +++ b/libavcodec/hevcdec.c @@ -3417,6 +3417,7 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx) av_freep(&s->sh.offset); av_freep(&s->sh.size); + if (s->HEVClcList && s->sList) { for (i = 1; i < s->threads_number; i++) { HEVCLocalContext *lc = s->HEVClcList[i]; if (lc) { @@ -3424,9 +3425,8 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx) av_freep(&s->sList[i]); } } - if (s->HEVClc == s->HEVClcList[0]) - s->HEVClc = NULL; - av_freep(&s->HEVClcList[0]); + } + av_freep(&s->HEVClc); av_freep(&s->HEVClcList); av_freep(&s->sList); @@ -3622,7 +3622,6 @@ static av_cold int hevc_decode_init(AVCodecContext *avctx) if (avctx->extradata_size > 0 && avctx->extradata) { ret = hevc_decode_extradata(s, avctx->extradata, avctx->extradata_size, 1); if (ret < 0) { - hevc_decode_free(avctx); return ret; } } @@ -3673,7 +3672,7 @@ AVCodec ff_hevc_decoder = { .capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_DELAY | AV_CODEC_CAP_SLICE_THREADS | AV_CODEC_CAP_FRAME_THREADS, .caps_internal = FF_CODEC_CAP_INIT_THREADSAFE | FF_CODEC_CAP_EXPORTS_CROPPING | - FF_CODEC_CAP_ALLOCATE_PROGRESS, + FF_CODEC_CAP_ALLOCATE_PROGRESS | FF_CODEC_CAP_INIT_CLEANUP, .profiles = NULL_IF_CONFIG_SMALL(ff_hevc_profiles), .hw_configs = (const AVCodecHWConfigInternal *const []) { #if CONFIG_HEVC_DXVA2_HWACCEL
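Review bot: in the first hevc_decode_free() hunk, the new guard `if (s->HEVClcList && s->sList) {` skips the whole per-thread loop when either pointer is NULL, so a context where HEVClcList was allocated but sList was not would reach av_freep(&s->HEVClcList) without its entries for i >= 1 being visited. Either check each list at the point where it is dereferenced, or add a comment stating that the two are always allocated together. The loop body also needs reindenting under the new block; a cosmetic follow-up commit is fine for that.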
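Review bot: the second hevc_decode_free() hunk replaces the conditional `if (s->HEVClc == s->HEVClcList[0]) s->HEVClc = NULL;` and `av_freep(&s->HEVClcList[0]);` with an unconditional `av_freep(&s->HEVClc);`, which is only equivalent if HEVClc always aliases HEVClcList[0] when close runs. The removed comparison suggests that was not taken for granted before; if HEVClc ever points elsewhere, slot 0 is no longer freed here and whatever HEVClc points to is freed in its place. Please state the invariant in the commit message or in a comment, or keep freeing HEVClcList[0] inside the new NULL check.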
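Review bot: in the hevc_decode_init() hunk, removing the manual hevc_decode_free(avctx) leaves `if (ret < 0) { return ret; }` with braces around a single statement; drop the braces. This removal is only leak-free together with the FF_CODEC_CAP_INIT_CLEANUP addition in the last hunk, so it is worth saying in the commit message that the two changes must not be split or backported separately.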
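Review bot: with FF_CODEC_CAP_INIT_CLEANUP added to .caps_internal in the last hunk, hevc_decode_free() becomes the cleanup path for every failed init, not only the extradata failure shown in this patch, so it has to be safe on any partially initialised context. The patch guards only HEVClcList and sList; please confirm that the remaining frees in hevc_decode_free() tolerate NULL members, and that no other error path in hevc_decode_init() still calls hevc_decode_free() by hand, since that would bring the second call back.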