From patchwork Mon Feb  5 02:58:23 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 46030
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:7b08:b0:19e:8a94:b663 with SMTP id s8csp512692pzh;
        Sun, 4 Feb 2024 18:58:43 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IHXPbh9lvW3ZesGx1Ovv7fJc7vvOM7QCHbd5E+D+QYYjAaJN5Tfp/mA65aeDhTL1H2YGQlN
X-Received: by 2002:a17:906:46d6:b0:a37:d37d:bbc4 with SMTP id
 k22-20020a17090646d600b00a37d37dbbc4mr281442ejs.60.1707101923236;
        Sun, 04 Feb 2024 18:58:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1707101923; cv=none;
        d=google.com; s=arc-20160816;
        b=P3K41FPPWFH06PbN+Yu7dQHIYUZ9JhY44CYPdK8Oy7zj/9IZsRIWZnqcZfaOI2AR5Y
         DxX/ZFYqzESaudvnXQpm3nEokb+U/Ss+4y+Td7/txUWurLqTNUsWyzKZsAjMa7AP5vsH
         no0gellEIZMftpSIVBKyiNo3Nr5AiM/ex6bzGkemu+bMa9n0P2bfdp8bZKjdWdPg2ds+
         nQbu95m3LLybgSR6DaBcebHqysC++LbNlRjpXQ2UEbpEY7fUSHYG9xC/VtiUIc+c/2sl
         iROocZlMiD0Qoebh44a0xH2tfmlj+Qle420wv+6243dIZ2sK6eAZeWYqHT0Qhq/pfO0k
         d6kA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:dkim-signature:delivered-to;
        bh=NzIkaPyLoA7MLx7nl3KvfycOplJkaRCXjQeHIb5xdoY=;
        fh=rL2yECAskaBJQHegzCOgWhhJfovqdoM8qLdWyULOF0Q=;
        b=GfKDo2bhBUhXi2WQGtMP0K/6hIib56zw8Y28ZJkbIu5ISvOI13TOh8KlmTHUkCv1qW
         Ns2NYknf8R2Yyiy3Ot095ql9WnGQRr+bJYvdNDo5ZZSJRbjEoZzP7/9cJLl5Qkepa94s
         n9gvi+TkvTtcXEOMxnJJwDtjlZK84h/IKH2bNcnAoFmuVFJlZGMQcEzMxdbMzlQ1lzfL
         Fper0DnZfOhEwGB99bxcX+jSDbaVbcs6pDiQWgvPkQWiujwyh26creVtDWSR7bMpkoUi
         Mb5EKg9cSnTNmeVChYkemzm/zWC/dFAKc5HGlRr6f3PJtwGmxZOzuRgC7aPmMdtQBu30
         62hw==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=EPDNCUlK;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
X-Forwarded-Encrypted: i=0;
 AJvYcCXHsncb/g1Uly4qQa5Xb2G8hOna6hSblWADGOT4PsqlwX78bJecsirPt4ZaVn9T/dRe/lFTiFj0fJqm8sNv/xtR/IiCj1J0Ql78bXi8Mu+79xP5jM2Jy6EKXWtlhsQp6nTDb3vk/Teflpw6fLghtgnqVJLR+4a/1gQmhdBIwVbcSBI9MhJHzG8fsO5DWtUGTI4fs+wxheHCZhWwS1DhMQq/7tjPKJtdu6YNkryE+bgdIZLIyKBp+CsERpBep4MWS8wzfrsixPHVTrsp36eRLgNIX6SN0gC/x7T1CVjjEtGqftZ3Wt1y3A1tU3mUYUOxmL2PY+qhVpizhkTFQ7ATLJXzTYnxbkxkVpfTtY+4PnTVSeHfUYkBAmbavF5gNlQUCW+3m9jB24OTuPzUOgtX3HIm2cj24dmAHk/kLVOjz+8mu5fCzxWSHDUYjxFaGcMTONnsiGJeDAsJUkxYmF26UQ1uanah+eJNgoZooqAhhCV+YMxNUAQMRq9PkNo3zjg4wbSjR/aPVCvkzDe2hYU6b9QjWveSvtq+NmJ6zdhCX1ii1SyBpjgu7Hkkya3REtODFWh2wCZi858Xqa+X4o+hhXss7orgR+1cQFSza0j24yEx+phj//+9oXIZMR3znFQr74bOGMAHlhjBZ7PA4hDh+v3Aa9rZD1OwTrNgaKquv8daPMUW6GoDlLtJUq2TA8azkH4nwh0qrZz2l1Te336prXQCAkk9l1bRL2NtKtwV4CJJvv3OYEgobDWoRq4+1CeM6PXqyFEiPSQ2LruifZAZMTvlENCIW33ICkgD7I7A2Z3Nt+Ephp357bY64clBGkGjm7WpYbWfKwcyDBQ+4y792D7pncI24x8opoC9VRjKHstiClKpKJalwA31gV2XUW4ytmW8z9+53SvPh7AiO1iZXTeCMIE7OysqCxwrRO02jDtotU3V0YxM84SGAbla9yLzoB0qrp
 swky0k+JGZl1Uz5ZwXwR4UBwEqcIs/V3x4MrWxR2/L/D5LTQo4lS+UhTslvJz5u90itRbG11Y2iWae3PD0PMYY3mslHG5kGYbuN2kg18foNz5Fwtu+lGHsLBnx2JhwdaqI6jZXgioTBivIaSc050ZvZJGwNoY/9b2ALUFb2aJwji9X1KpEDs7HUMg1bE9k0A2AT8ILV1rWIienmh4t8qA6/7iRAyj+EV6SIUu9xtKB4R3DTaR3v0Kp2p0N+OrjvOlGCe+72CHW1FXYJDA+qL4d2Lecds9H9CYKmU1bgGbIohmDcNp9EL2uztdOpNudLN4mOY8gAs7S2xjRA0QndZGp+RIsxBkwBjKHBtGi7hKEC2o9xL0gyMuqMa8jAy+wFisEYX9JVArgn3NgPQrX7evY4KSx8o9tqplSv4dchFduVzM/SsGQ6HSbEwG6rMK7ZcNM64qxD6txcWVMH94RkhsCMOUJ7zts31UaPiRTxfh1tQqkrVbnyDZVI9GwkDR53L3aT5QC5tDm16hbmMPQSmGmQ6elE76tU61L9OVF+sJbJKfy8ShACT86YizLiIE3Pzyp0IO/C8jEsjtAeRVUp6mJyvVGZZvBXh1Jkruk7O0bC6IcEaNaul5jZj5W7qM6m+eKYOcP7yDW
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 d16-20020a170906371000b00a298b1de849si3366612ejc.648.2024.02.04.18.58.42;
        Sun, 04 Feb 2024 18:58:43 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=EPDNCUlK;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2C49768CD39;
	Mon,  5 Feb 2024 04:58:32 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net
 [217.70.183.199])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4462B68CD39
 for <ffmpeg-devel@ffmpeg.org>; Mon,  5 Feb 2024 04:58:25 +0200 (EET)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 8D36FFF802
 for <ffmpeg-devel@ffmpeg.org>; Mon,  5 Feb 2024 02:58:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1707101904;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:in-reply-to:in-reply-to:references:references;
 bh=OlYhoQbNzap8kkzwAokhmAeckR7/6SRwUNLn/2hmpgY=;
 b=EPDNCUlK0GvYfXefB9knj5Yv9pa3pYAyaxWovF1rzKOP+wLNUumPdWzSk7uFhu9Qey+BQb
 +sYgf6eEh4gehQRuI/fCy+AzzFNBG6ZP9eoXK578BA4hT8UFaT+SEIYLy+IkhcDYaQhU3N
 TyaO9Uj+L3zvwGshB/bosnVQsUlJqEwWZK5WcRoxeAfHOslK3zTqNSF2GcPuo7vdfKw9ih
 KHNdzso2hnr8cV3ga5NIHxuef9Co1JCJ3MZGOtTOdMKPxO07K78df2CVqNKktnzR5H5Bv0
 jaVdMoa2l3Ytb/rXbEKhT/1x7dgjfnK1wBqH/94HThEmhmMFM07uEgKxScSdsQ==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Mon,  5 Feb 2024 03:58:23 +0100
Message-Id: <20240205025823.4259-2-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20240205025823.4259-1-michael@niedermayer.cc>
References: <20240205025823.4259-1-michael@niedermayer.cc>
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 2/2] avfilter/signature_lookup: Do not
 dereference NULL pointers after malloc failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: HXheCiLI4ofK

Fixes: CID 1403229 Dereference after null check

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/signature_lookup.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/libavfilter/signature_lookup.c b/libavfilter/signature_lookup.c
index 86dd0c66754..6e45fde1b5a 100644
--- a/libavfilter/signature_lookup.c
+++ b/libavfilter/signature_lookup.c
@@ -37,6 +37,14 @@
 #define STATUS_END_REACHED 1
 #define STATUS_BEGIN_REACHED 2
 
+static void sll_free(MatchingInfo **sll)
+{
+    while (*sll) {
+        sll = &(*sll)->next;
+        av_freep(sll);
+    }
+}
+
 static void fill_l1distlut(uint8_t lut[])
 {
     int i, j, tmp_i, tmp_j,count;
@@ -290,6 +298,10 @@ static MatchingInfo* get_matching_parameters(AVFilterContext *ctx, SignatureCont
                             av_log(ctx, AV_LOG_FATAL, "Could not allocate memory");
                         c = c->next;
                     }
+                    if (!c) {
+                        sll_free(&cands);
+                        goto error;
+                    }
                     c->framerateratio = (i+1.0) / 30;
                     c->score = hspace[i][j].score;
                     c->offset = j-90;
@@ -305,6 +317,7 @@ static MatchingInfo* get_matching_parameters(AVFilterContext *ctx, SignatureCont
             }
         }
     }
+    error:
     for (i = 0; i < MAX_FRAMERATE; i++) {
         av_freep(&hspace[i]);
     }
@@ -520,16 +533,6 @@ static MatchingInfo evaluate_parameters(AVFilterContext *ctx, SignatureContext *
     return bestmatch;
 }
 
-static void sll_free(MatchingInfo *sll)
-{
-    void *tmp;
-    while (sll) {
-        tmp = sll;
-        sll = sll->next;
-        av_freep(&tmp);
-    }
-}
-
 static MatchingInfo lookup_signatures(AVFilterContext *ctx, SignatureContext *sc, StreamContext *first, StreamContext *second, int mode)
 {
     CoarseSignature *cs, *cs2;
@@ -572,7 +575,7 @@ static MatchingInfo lookup_signatures(AVFilterContext *ctx, SignatureContext *sc
                    "ratio %f, offset %d, score %d, %d frames matching\n",
                    bestmatch.first->index, bestmatch.second->index,
                    bestmatch.framerateratio, bestmatch.offset, bestmatch.score, bestmatch.matchframes);
-            sll_free(infos);
+            sll_free(&infos);
         }
     } while (find_next_coarsecandidate(sc, second->coarsesiglist, &cs, &cs2, 0) && !bestmatch.whole);
     return bestmatch;