From patchwork Fri Aug 13 17:48:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 29498 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp1042638iov; Fri, 13 Aug 2021 10:49:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzswSvJ2Ruvf146DMPklOhg+MIhxZzaOavMTEQSmMKHhDpUvg2ilxZPf2fskGblYcNGlxES X-Received: by 2002:a05:6402:498:: with SMTP id k24mr4658607edv.25.1628876965295; Fri, 13 Aug 2021 10:49:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628876965; cv=none; d=google.com; s=arc-20160816; b=qpD5H3E/P7bLj2tEd3eT5NMRdU6JTzlraGWOioef3OGTHkScUofP7Bqbqwk0Y88iJO BrWQUGXrI6unsf6aRnqK1pmOLx9lig/NRFxMt7Dr8p9Y3Xe1L7IrD3TsveCXZEhnXi5/ 4zYjoulR1ZIpPY0XMcNiNFcyXC621N2GmM/0yJasSYIdwkTwXmxp/fCsW+DFoycGGZKX KekJSnbecmOTxz7ClHufxQ6oLx5yQn0Nnw5+MfSUzzlwR0U+6shcYyKqlYSWLjfTY1i+ 2p/BlmguIlkavkeZPMFIva0S135bryXwZNB9doAqmdhqSndsoDGzz5mg+LPOv4xXm4HD IP4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:delivered-to; bh=vp3WvuTosDjnj+8NIdYH2ZVEC16ClGyHJQbqUg+ji+E=; b=XkTSll+RZftO674R6aANp+JmvyuagMvv10/JtVjxF3YWImfWxLF/myUkyhAAiOgEmH 8FINkeTQ2dVcRnHyXwXb/2QvwsVLKC8tjzyQ516VJtsXBaUkmpgNytppIILnFwuPSvac jCvM6vozM5Iv279epheWp3r/xUj3UC8Q5aRVVNd1ehjOh6z26UK6VK2tjU1AuwOePgEp XVvf1r9L7qEOgbURH1/6+vuw4VoznrCS5GQmNRNTwbW4ajeDuGP/alKJI22RpZKwqPnn UaPLO86IlN5mc/zanC+hWszgq38sWnrl/1cLOvbPkxJkbADEGsgG9k5unZUHXPXp21TK 0GUg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id o4si2123473ejg.206.2021.08.13.10.49.24; Fri, 13 Aug 2021 10:49:25 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7AD9268A2FB; Fri, 13 Aug 2021 20:49:22 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from vie01a-dmta-pe03-3.mx.upcmail.net (vie01a-dmta-pe03-3.mx.upcmail.net [62.179.121.162]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 90E45689966 for ; Fri, 13 Aug 2021 20:49:16 +0300 (EEST) Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net) by vie01a-dmta-pe03.mx.upcmail.net with esmtp (Exim 4.92) (envelope-from ) id 1mEbIy-00Ar45-0h for ffmpeg-devel@ffmpeg.org; Fri, 13 Aug 2021 19:49:16 +0200 Received: from localhost ([213.47.68.29]) by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP id EbI0mBKP4ljeHEbI0mEkRs; Fri, 13 Aug 2021 19:48:16 +0200 X-Env-Mailfrom: michael@niedermayer.cc X-Env-Rcptto: ffmpeg-devel@ffmpeg.org X-SourceIP: 213.47.68.29 X-CNFS-Analysis: v=2.3 cv=BoHjPrf5 c=1 sm=1 tr=0 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10 a=ZZnuYtJkoWoA:10 a=PZeI36DOe00GBnZbZf4A:9 From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Fri, 13 Aug 2021 19:48:15 +0200 Message-Id: <20210813174815.13273-1-michael@niedermayer.cc> X-Mailer: git-send-email 2.17.1 X-CMAE-Envelope: MS4wfIxX9GF/tDnRaYe4YdS22b3R5neJC7QoTtFWOhmqk8f0xjNl1H8zEYxzSOaE+UvoDYcFDJnSpUwl1Ep83Quvv7pFk9bTbjIq1Gt5KWzqNx9MlY+pYrMH KLVRMIQW+2oVHQPF+Wd5ehMZ5kQ64pHF6Sg+CIOTEEjXCYSuSGEJMNkr Subject: [FFmpeg-devel] [PATCH] avcodec/frame_thread_encoder: Free AVCodecContext structure on error during init X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 9wcl0fCshtCd Fixes: MemLeak Fixes: 8281 Fixes: PoC_option158.jpg Fixes: CVE-2020-22037 Signed-off-by: Michael Niedermayer --- libavcodec/frame_thread_encoder.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/libavcodec/frame_thread_encoder.c b/libavcodec/frame_thread_encoder.c index 9cabfc495f..25a308173d 100644 --- a/libavcodec/frame_thread_encoder.c +++ b/libavcodec/frame_thread_encoder.c @@ -126,7 +126,7 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx) { int i=0; ThreadContext *c; - + AVCodecContext *thread_avctx = NULL; if( !(avctx->thread_type & FF_THREAD_FRAME) || !(avctx->codec->capabilities & AV_CODEC_CAP_FRAME_THREADS)) @@ -202,16 +202,16 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx) for(i=0; ithread_count ; i++){ int ret; void *tmpv; - AVCodecContext *thread_avctx = avcodec_alloc_context3(avctx->codec); + thread_avctx = avcodec_alloc_context3(avctx->codec); if(!thread_avctx) goto fail; tmpv = thread_avctx->priv_data; *thread_avctx = *avctx; + thread_avctx->priv_data = tmpv; + thread_avctx->internal = NULL; ret = av_opt_copy(thread_avctx, avctx); if (ret < 0) goto fail; - thread_avctx->priv_data = tmpv; - thread_avctx->internal = NULL; if (avctx->codec->priv_class) { int ret = av_opt_copy(thread_avctx->priv_data, avctx->priv_data); if (ret < 0) @@ -233,6 +233,8 @@ int ff_frame_thread_encoder_init(AVCodecContext *avctx) return 0; fail: + avcodec_close(thread_avctx); + av_freep(&thread_avctx); avctx->thread_count = i; av_log(avctx, AV_LOG_ERROR, "ff_frame_thread_encoder_init failed\n"); ff_frame_thread_encoder_free(avctx);