From patchwork Fri Dec 3 09:39:11 2021
X-Patchwork-Submitter: Yy
X-Patchwork-Id: 31908
From: Yu Yang
To: ffmpeg-devel@ffmpeg.org
Cc: TOTE Robot, Yu Yang
Date: Fri, 3 Dec 2021 17:39:11 +0800
Message-Id: <20211203093911.65914-1-young_chelsea@163.com>
X-Mailer: git-send-email 2.33.1
Subject: [FFmpeg-devel] [PATCH] libavcodec/avpacketc packet release exception

'pkt' and '*pkt' should be judged separately for release.

SEGV by a READ memory access (address points to the zero page)

```c
// in fftools/ffmpeg.c:515
515 static void ffmpeg_cleanup(int ret)
516 {
    ...
626     for (i = 0; i < nb_input_files; i++) {
627         avformat_close_input(&input_files[i]->ctx);
            // `input_files[0] == NULL` but `&input_files[0]->pkt == 0x68`, see below;
628         av_packet_free(&input_files[i]->pkt);
629         av_freep(&input_files[i]);
630     }
    ...
674 }
```

```c
// in libavcodec/avpacket.c:75
75 void av_packet_free(AVPacket **pkt)
76 {
       // pkt == 0x68, `*pkt` causes `SEGV`.
77     if (!pkt || !*pkt)
78         return;
79
80     av_packet_unref(*pkt);
81     av_freep(pkt);
82 }
```

coredump backtrace info:

==4536==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000068 (pc 0x000002a794d0 bp 0x7ffdf587a910 sp 0x7ffdf587a8e0 T0)
==4536==The signal is caused by a READ memory access.
==4536==Hint: address points to the zero page.
    #0 0x2a794d0 in av_packet_free /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/libavcodec/avpacket.c:77:18
    #1 0x592107 in ffmpeg_cleanup /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:628:9
    #2 0x55fe0e in exit_program /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/cmdutils.c:136:9
    #3 0x4cfcd4 in open_input_file /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:1268:9 exit_program
    #4 0x4c9dc0 in open_files /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3338:15
    #5 0x4c9295 in ffmpeg_parse_options /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg_opt.c:3378:11 open_file
    #6 0x58f241 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4988:11
    #7 0x7f122a83d0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #8 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d)

Reported-by: TOTE Robot
Signed-off-by: Yu Yang
--- libavcodec/avpacket.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/libavcodec/avpacket.c b/libavcodec/avpacket.c index d8d8fef3b9..8348bec581 100644 --- a/libavcodec/avpacket.c +++ b/libavcodec/avpacket.c @@ -74,11 +74,10 @@ AVPacket *av_packet_alloc(void) void av_packet_free(AVPacket **pkt) { - if (!pkt || !*pkt) - return; - - av_packet_unref(*pkt); - av_freep(pkt); + if (*pkt) + av_packet_unref(*pkt); + if (pkt) + av_freep(pkt); } static int packet_alloc(AVBufferRef **buf, int size)
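
Review bot: In av_packet_free() the added `if (*pkt)` dereferences pkt before the `if (pkt)` test two lines later, so a NULL `pkt` argument, which the removed `if (!pkt || !*pkt) return;` handled, now faults on the first line; the pkt test has to come before any `*pkt`. The change also does not address the reported crash: per the commit message pkt is 0x68 (the address of the pkt member computed from a NULL input_files[0]), which is non-NULL, so `*pkt` still reads the zero page exactly as at avpacket.c:77 in the backtrace. Suggest leaving this function as it was and instead skipping NULL entries in the ffmpeg_cleanup() loop before the calls to `avformat_close_input(&input_files[i]->ctx)` and `av_packet_free(&input_files[i]->pkt)`.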