[FFmpeg-devel] avcodec/mfenc: fix double-free on init failure

Message ID 20230121012030.1471-1-aicommander@gmail.com
State Accepted
Commit 669ff26bc283c39334e7df3a81fd0db0088a7442
Series [FFmpeg-devel] avcodec/mfenc: fix double-free on init failure

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Cameron Gutman Jan. 21, 2023, 1:20 a.m. UTC
mfenc sets FF_CODEC_CAP_INIT_CLEANUP, so calling mf_close() on
failure inside mf_init() results in a double-free.

Signed-off-by: Cameron Gutman <aicommander@gmail.com>
---
 libavcodec/mfenc.c | 1 -
 1 file changed, 1 deletion(-)

Comments

Martin Storsjö Jan. 21, 2023, 9:58 p.m. UTC | #1
On Fri, 20 Jan 2023, Cameron Gutman wrote:

> mfenc sets FF_CODEC_CAP_INIT_CLEANUP, so calling mf_close() on
> failure inside mf_init() results in a double-free.
>
> Signed-off-by: Cameron Gutman <aicommander@gmail.com>
> ---
> libavcodec/mfenc.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/libavcodec/mfenc.c b/libavcodec/mfenc.c
> index 36a6d8482d..f3415df10b 100644
> --- a/libavcodec/mfenc.c
> +++ b/libavcodec/mfenc.c
> @@ -1214,7 +1214,6 @@ static int mf_init(AVCodecContext *avctx)
>                 return 0;
>         }
>     }
> -    mf_close(avctx);
>     return ret;
> }
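
Review bot: only the final `return ret;` path of mf_init() is covered here, so it is worth confirming that no earlier error return in the function calls mf_close() directly. With FF_CODEC_CAP_INIT_CLEANUP set, as the commit message states, any such remaining call would hit the same double-free.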

This change looks correct to me - thanks for that!

However I think it'd be even nicer if we could make mf_close safe to call 
multiple times at the same time (but the duplicate call should of course 
still be removed); if we'd reset c->codec_api and c->async_events to NULL, 
it would be safe to call multiple times, right?

// Martin
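
The interaction discussed in this thread, as an added example that is not FFmpeg code and not part of the original messages: a small model of an init function that closes on failure, a caller that also closes on failure, and the effect of resetting pointers in close. `MockObj`, `MockCtx` and every function name are hypothetical; only the field names `codec_api` and `async_events` come from the reply, and releases are counted instead of freed so the double release can be observed safely.

```c
#include <stdio.h>

/* Hypothetical stand-ins, not FFmpeg's types; each object counts its releases. */
typedef struct MockObj { int releases; } MockObj;
typedef struct MockCtx { MockObj *codec_api, *async_events; } MockCtx;
typedef void (*close_fn)(MockCtx *);

/* Close that leaves the pointers set: a second call releases again. */
static void close_plain(MockCtx *c)
{
    if (c->codec_api)    c->codec_api->releases++;
    if (c->async_events) c->async_events->releases++;
}

/* Close that resets each pointer after releasing it, so repeats are no-ops. */
static void close_idempotent(MockCtx *c)
{
    if (c->codec_api)    { c->codec_api->releases++;    c->codec_api = NULL; }
    if (c->async_events) { c->async_events->releases++; c->async_events = NULL; }
}

/* Init that acquires both objects and then fails. close_in_init models the
 * explicit close call on the failure path that the patch deletes. */
static int init_failing(MockCtx *c, MockObj *a, MockObj *b, close_fn cl, int close_in_init)
{
    c->codec_api = a;
    c->async_events = b;
    if (close_in_init)
        cl(c);
    return -1;
}

/* Caller with init-cleanup behaviour: it calls close itself when init fails.
 * Returns the highest release count; anything above 1 is a double release. */
static int open_and_count(close_fn cl, int close_in_init)
{
    MockObj a = {0}, b = {0};
    MockCtx c = {NULL, NULL};
    if (init_failing(&c, &a, &b, cl, close_in_init) < 0)
        cl(&c);
    return a.releases > b.releases ? a.releases : b.releases;
}

int main(void)
{
    printf("%d %d %d\n", open_and_count(close_plain, 1),   /* prints "2 1 1" */
           open_and_count(close_plain, 0), open_and_count(close_idempotent, 1));
    return 0;
}
```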
Patch

diff --git a/libavcodec/mfenc.c b/libavcodec/mfenc.c
index 36a6d8482d..f3415df10b 100644
--- a/libavcodec/mfenc.c
+++ b/libavcodec/mfenc.c
@@ -1214,7 +1214,6 @@  static int mf_init(AVCodecContext *avctx)
                 return 0;
         }
     }
-    mf_close(avctx);
     return ret;
 }
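
Review bot: after the deletion, the failure path at `return ret;` gives no indication of who releases what mf_init() acquired, because the dependency on FF_CODEC_CAP_INIT_CLEANUP is stated only in the commit message. A one-line comment above `return ret;` saying that cleanup happens through the close callback because of that flag would keep a later edit from reintroducing the call, or from dropping the flag unnoticed.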