
[FFmpeg-devel] avcodec/av1_metadata: don't store the inserted TD OBU in stack

Message ID 20210422220752.41938-1-jamrial@gmail.com
State New
Series [FFmpeg-devel] avcodec/av1_metadata: don't store the inserted TD OBU in stack

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

James Almer April 22, 2021, 10:07 p.m. UTC
Fixes: stack-use-after-return
Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904
Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavcodec/av1_metadata_bsf.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Comments

Andreas Rheinhardt April 23, 2021, 8 p.m. UTC | #1
James Almer:
> Fixes: stack-use-after-return
> Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904
> Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624
> 
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
>  libavcodec/av1_metadata_bsf.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/av1_metadata_bsf.c b/libavcodec/av1_metadata_bsf.c
> index 328db5c0da..b1ae364431 100644
> --- a/libavcodec/av1_metadata_bsf.c
> +++ b/libavcodec/av1_metadata_bsf.c
> @@ -28,6 +28,7 @@ typedef struct AV1MetadataContext {
>      CBSBSFContext common;
>  
>      int td;
> +    AV1RawOBU td_obu;
>  
>      int color_primaries;
>      int transfer_characteristics;
> @@ -107,7 +108,7 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
>                                          CodedBitstreamFragment *frag)
>  {
>      AV1MetadataContext *ctx = bsf->priv_data;
> -    AV1RawOBU td, *obu;
> +    AV1RawOBU *obu;
>      int err, i;
>  
>      for (i = 0; i < frag->nb_units; i++) {
> @@ -124,12 +125,12 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
>          if (ctx->td == BSF_ELEMENT_REMOVE)
>              ff_cbs_delete_unit(frag, 0);
>      } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) {
> -        td = (AV1RawOBU) {
> +        ctx->td_obu = (AV1RawOBU) {
>              .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER,
>          };

I think you can move the initialization to init. LGTM anyway.

>  
>          err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER,
> -                                         &td, NULL);
> +                                         &ctx->td_obu, NULL);
>          if (err < 0) {
>              av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n");
>              return err;
>
James Almer April 23, 2021, 8:18 p.m. UTC | #2
On 4/23/2021 5:00 PM, Andreas Rheinhardt wrote:
> James Almer:
>> Fixes: stack-use-after-return
>> Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904
>> Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624
>>
>> Signed-off-by: James Almer <jamrial@gmail.com>
>> ---
>>   libavcodec/av1_metadata_bsf.c | 7 ++++---
>>   1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/libavcodec/av1_metadata_bsf.c b/libavcodec/av1_metadata_bsf.c
>> index 328db5c0da..b1ae364431 100644
>> --- a/libavcodec/av1_metadata_bsf.c
>> +++ b/libavcodec/av1_metadata_bsf.c
>> @@ -28,6 +28,7 @@ typedef struct AV1MetadataContext {
>>       CBSBSFContext common;
>>   
>>       int td;
>> +    AV1RawOBU td_obu;
>>   
>>       int color_primaries;
>>       int transfer_characteristics;
>> @@ -107,7 +108,7 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
>>                                           CodedBitstreamFragment *frag)
>>   {
>>       AV1MetadataContext *ctx = bsf->priv_data;
>> -    AV1RawOBU td, *obu;
>> +    AV1RawOBU *obu;
>>       int err, i;
>>   
>>       for (i = 0; i < frag->nb_units; i++) {
>> @@ -124,12 +125,12 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
>>           if (ctx->td == BSF_ELEMENT_REMOVE)
>>               ff_cbs_delete_unit(frag, 0);
>>       } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) {
>> -        td = (AV1RawOBU) {
>> +        ctx->td_obu = (AV1RawOBU) {
>>               .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER,
>>           };
> 
> I think you can move the initialization to init. LGTM anyway.

Will do that and apply. Thanks

> 
>>   
>>           err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER,
>> -                                         &td, NULL);
>> +                                         &ctx->td_obu, NULL);
>>           if (err < 0) {
>>               av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n");
>>               return err;
>>
> 

Patch

diff --git a/libavcodec/av1_metadata_bsf.c b/libavcodec/av1_metadata_bsf.c
index 328db5c0da..b1ae364431 100644
--- a/libavcodec/av1_metadata_bsf.c
+++ b/libavcodec/av1_metadata_bsf.c
@@ -28,6 +28,7 @@  typedef struct AV1MetadataContext {
     CBSBSFContext common;
 
     int td;
+    AV1RawOBU td_obu;
 
     int color_primaries;
     int transfer_characteristics;
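Review bot: The new `td_obu` field has no comment saying why a whole OBU lives in the private context, and the reason is a lifetime rule that a later cleanup could easily break. In the third hunk `ff_cbs_insert_unit_content()` receives `&ctx->td_obu` with a NULL buffer reference, so the fragment presumably keeps the raw pointer rather than a counted reference; that is what left the old stack variable dangling after return. I would record this on the field, e.g. `AV1RawOBU td_obu; /* storage for the inserted TD; borrowed by the fragment, must outlive it */`. The struct definition continues outside this hunk.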
@@ -107,7 +108,7 @@  static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
                                         CodedBitstreamFragment *frag)
 {
     AV1MetadataContext *ctx = bsf->priv_data;
-    AV1RawOBU td, *obu;
+    AV1RawOBU *obu;
     int err, i;
 
     for (i = 0; i < frag->nb_units; i++) {
@@ -124,12 +125,12 @@  static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt,
         if (ctx->td == BSF_ELEMENT_REMOVE)
             ff_cbs_delete_unit(frag, 0);
     } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) {
-        td = (AV1RawOBU) {
+        ctx->td_obu = (AV1RawOBU) {
             .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER,
         };
 
         err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER,
-                                         &td, NULL);
+                                         &ctx->td_obu, NULL);
         if (err < 0) {
             av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n");
             return err;
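Review bot: The diffstat lists only av1_metadata_bsf.c, so nothing in this patch would catch a regression of the use-after-return in this branch apart from the fuzzer. A FATE case that runs the filter with `av1_metadata=td=insert` over a short AV1 sample would exercise the insert path on every build. Sanitizer runs could then flag any return to stack-backed storage, though ASan only reports this class when stack-use-after-return detection is enabled. The body of av1_metadata_update_fragment continues outside the hunk.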