From patchwork Tue Sep 14 10:16:01 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
X-Patchwork-Id: 30238
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp4842833iov;
        Tue, 14 Sep 2021 03:16:20 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJwQf/2LihrRuqNcGvFnXaLgKVeFi3KWJWSOERjlGkusra67XgbvHjURa39+TIXVUAxgLyRl
X-Received: by 2002:a17:906:3a4d:: with SMTP id
 a13mr17529180ejf.220.1631614580503;
        Tue, 14 Sep 2021 03:16:20 -0700 (PDT)
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 d10si7397821eja.699.2021.09.14.03.16.19;
        Tue, 14 Sep 2021 03:16:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@outlook.com
 header.s=selector1 header.b=GJ3pQ1sO;
       arc=fail (body hash mismatch);
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 41DB468AF10;
	Tue, 14 Sep 2021 13:16:16 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from EUR03-VE1-obe.outbound.protection.outlook.com
 (mail-oln040092072030.outbound.protection.outlook.com [40.92.72.30])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6E93F68AEE2
 for <ffmpeg-devel@ffmpeg.org>; Tue, 14 Sep 2021 13:16:10 +0300 (EEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=RVAN2FNkK1diaOVR97iCUHeqbB97QYTCKNU7bIX/C2d06b9pY1GGS3WayLeSNhyfJ026dcpchDtO7hGQmH1zL7IcbSh0FjxFvCYexqVIo0mFTg/OehKLtf34PXQm1mG+BM9Lm71cxcTTAaTevH0CZjEdj0x5xRcTKwljKKYJ+CNL8IdQBc3XtI9VdQT9lqTjWINDPl/OVxiDmxz0sa1bgfDKPuk/CLijCh5/erJ7eXRIUvIlI5qvW50wJ/3jxVUapnQLMmeg4SXMUY53kTYFuCgER+dinQTQ77KqWn4s5LAXROZq+k0MbuFALVkRWXDHhtF3m7IEOkW1pK2/KAYVQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=7O+vpGFcRybBRbH1uz0WEdU8k3WvwccISbQh7nr139Q=;
 b=GgoK94Y6t0ZXlep+Fc9BHKmO2KxJ84+8JgxWED+8RgXKXWZWXJeoLGdZZbpu0o710coKMlsi5Hd9gEZ6MPwlc2z2658QozhFqcds/GbHaAT+3sItNHxv9FzfSOgoGeqM1q31Cv/D+j/3iZwObr1GnQn0S4+o1hLqbSDA8m90tPXE+NVDkcqv5FwocrAm667wIDpdJ+bExtTr7P06eyxMONqk9Zl6ZLlPduYi8CeVE2mHBhnOzjOjIsx7Goawsm3nPFa3RzQFHmav1vUygrZtmlqhB4PDsqmEVNxeMB8pEIZ1Wa98vvnTSUWmSaCV2f+q3OMLiuf3Pj5uG9+moUk4qQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=7O+vpGFcRybBRbH1uz0WEdU8k3WvwccISbQh7nr139Q=;
 b=GJ3pQ1sOeaJZk4onwXHutPUWilcv/WSqNxRAfcE31ZqQY6N6SidpjRa8eXYjFrdK9H0ut6rvz5LGg4tIG6sDeUMtkN7+gNf/qAd+/AS/Rnt52WkHF3CzmvX6PpHdx4FvqPwkEeQoYgdwUPaVRnaaWxP4F7Mg9iriPJGz6Ud6Q/GC4qD6sWAcWSTF76GoPmKeSZjUK8+DU7zHqr0fDo6HTdME4SsvTwnAeVuvU+B0qGE86gDhyg/Gvo+eako+CNK2fMbWy/T5LYwWmbvsieZMZ0rH4lSnCI6rg+efjA+v1aSDYG9AKCh18HhQlg2t95MV+8yMXmooAsRrvC58wucFUA==
Received: from AM7PR03MB6660.eurprd03.prod.outlook.com (2603:10a6:20b:1c1::22)
 by AS8PR03MB7159.eurprd03.prod.outlook.com (2603:10a6:20b:2ea::5)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14; Tue, 14 Sep
 2021 10:16:09 +0000
Received: from AM7PR03MB6660.eurprd03.prod.outlook.com
 ([fe80::787b:2156:ca99:fe00]) by AM7PR03MB6660.eurprd03.prod.outlook.com
 ([fe80::787b:2156:ca99:fe00%4]) with mapi id 15.20.4500.019; Tue, 14 Sep 2021
 10:16:09 +0000
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 14 Sep 2021 12:16:01 +0200
Message-ID: 
 <AM7PR03MB6660DC19DA1A3B34F432112E8FDA9@AM7PR03MB6660.eurprd03.prod.outlook.com>
X-Mailer: git-send-email 2.30.2
X-TMN: [52VaUeiban0ONW++CQX3v2udAGJZXTnR]
X-ClientProxiedBy: AM3PR07CA0106.eurprd07.prod.outlook.com
 (2603:10a6:207:7::16) To AM7PR03MB6660.eurprd03.prod.outlook.com
 (2603:10a6:20b:1c1::22)
X-Microsoft-Original-Message-ID: 
 <20210914101601.3325052-1-andreas.rheinhardt@outlook.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from sblaptop.fritz.box (188.192.142.38) by
 AM3PR07CA0106.eurprd07.prod.outlook.com (2603:10a6:207:7::16) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4523.8 via Frontend Transport; Tue, 14 Sep 2021 10:16:08 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 9dfc5b2b-cd90-4ce7-80ad-08d97768aba5
X-MS-Exchange-SLBlob-MailProps: 
 EpEO96k6WolwDO6daEKQzniqDSIkVGJFKFzgBwTUInmMQfwySGOrZ0tKyQrpT4cwGsSTzWtyKB4Rql/huysxhJFwfUGFgTjY01vSYuwDCn6Rk8a4OPjrAKDIG/MwDv6ysUvuQzFgOU+YAOVCJFPV96e0z139VIQS95CObpUe5DGf69eac2rWQDBy+3cr4zJdAW8Dvb2Fom0oLYs2+SgKlZKBVU4LpEzW0xMlUjuGget7BVVw6NYFObwBYQRdnxNUz8jT2EF2R597ye+s83Ml5g4Nz3pq6xKFKxJpmMh/W5VbP7YNpgG+/Ak9htwn64p70ZQkX65dPoaVd49ZaEyxM6kZZSBck1sAaBU5c5spyhFWIfCECVks8Z3xhq/lzJCClIPokF44Nbmw4WvVsqKfaFfto3bwZXMaa7gmYXwf9dBa6Ydrv+Osuu87d/Hafb9L1VB6E4Yj6R8sW9IJLqubwV6Pa2sv+J//e5Qg9izTuZhBSssy/2wIhUS7LlGYQiGy7aV4oh1OxI4Vr2b08euxaWk2SkAz9UEQ/trPlxNQL7ye6didJa+e7Z9fz9+jeyVcCWL9z1nAk6yLpIr4SMpBkH4yOEQYZ3aIYPRNW9RWcqsHSVkBk+sYJoEwL9CjV9b/GMdqb0ivABmPP3CJoowj+wQ9nWLDc/hRtO90+gjq18haXj6yoxIK4ttOUESu/dq/HbFIv5l9fBc1MUwQc34w2PfXaMYFg32cVL+DUO4i6usm6/caai+oazODaODuBIRL2TxGRM62oGI=
X-MS-TrafficTypeDiagnostic: AS8PR03MB7159:
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 dqEtK1iT6oTEI39TXzO+qojGrxH0d1y29Xk5xx2z4m5663pX0pjfwGIVg43mfhPiamHe/jCMOTRrFRWjPEKRizCMgtGp+pmxoZIJbdEP++p7utd2E+IT9fYR5mQVCt+AOk7phX70xZUY6HZjxD6UAAFw04nOMyxWF9mklurClK4B4XENOUzXlPFa4AwWjCafAH70INk2lg6nlTrKhltflQ1skqKscVk5x+HOFthlNfAhynINarjRvNEFcSgmEem2t+VYLZnJAuO/RQUxACTffus4Ck94dwtxdDrOuOHZvkkHYUb73nIty8vKoYpETcYhf4JsZKBjaHqaqxQUS5Mi7BePi/g4/WYmCJWQbiDpQbsQXTEvbXLuau+RIgTZhrtTo8ejDcw5j+V1LTDuvPip2m59LHbX7F8AmNqxFIhrT9ko85xoYmWQx5+1ghm2HxZo
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 C7Hg6Oz5nFPqYDk2Xe5VJKW4Mo0hXdPdvno31AUs23Wh7FQ2s28jMIgywtzupxh9OT70rHBVUROPq15zfDDCbE95SFI74ScloMjuvSo/GkfCh33XuJtlw/Lm41XI+yuoj8U4ythbaXlDqIM4KQRIsg==
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 9dfc5b2b-cd90-4ce7-80ad-08d97768aba5
X-MS-Exchange-CrossTenant-AuthSource: AM7PR03MB6660.eurprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Sep 2021 10:16:09.2458 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB7159
Subject: [FFmpeg-devel] [PATCH] avutil/buffer: Avoid allocation of AVBuffer
 when using buffer pool
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: 2Vfhz1rqFE9R

Do this by putting an AVBuffer structure into BufferPoolEntry and
reuse it for all subsequent uses of said BufferPoolEntry.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavutil/buffer.c          | 44 +++++++++++++++++++++++++------------
 libavutil/buffer_internal.h | 11 ++++++++++
 2 files changed, 41 insertions(+), 14 deletions(-)

diff --git a/libavutil/buffer.c b/libavutil/buffer.c
index b13eeadffb..4d9ccf74b7 100644
--- a/libavutil/buffer.c
+++ b/libavutil/buffer.c
@@ -26,16 +26,11 @@
 #include "mem.h"
 #include "thread.h"
 
-AVBufferRef *av_buffer_create(uint8_t *data, size_t size,
-                              void (*free)(void *opaque, uint8_t *data),
-                              void *opaque, int flags)
+static AVBufferRef *buffer_create(AVBuffer *buf, uint8_t *data, size_t size,
+                                  void (*free)(void *opaque, uint8_t *data),
+                                  void *opaque, int flags)
 {
     AVBufferRef *ref = NULL;
-    AVBuffer    *buf = NULL;
-
-    buf = av_mallocz(sizeof(*buf));
-    if (!buf)
-        return NULL;
 
     buf->data     = data;
     buf->size     = size;
@@ -47,10 +42,8 @@ AVBufferRef *av_buffer_create(uint8_t *data, size_t size,
     buf->flags = flags;
 
     ref = av_mallocz(sizeof(*ref));
-    if (!ref) {
-        av_freep(&buf);
+    if (!ref)
         return NULL;
-    }
 
     ref->buffer = buf;
     ref->data   = data;
@@ -59,6 +52,23 @@ AVBufferRef *av_buffer_create(uint8_t *data, size_t size,
     return ref;
 }
 
+AVBufferRef *av_buffer_create(uint8_t *data, size_t size,
+                              void (*free)(void *opaque, uint8_t *data),
+                              void *opaque, int flags)
+{
+    AVBufferRef *ret;
+    AVBuffer *buf = av_mallocz(sizeof(*buf));
+    if (!buf)
+        return NULL;
+
+    ret = buffer_create(buf, data, size, free, opaque, flags);
+    if (!ret) {
+        av_free(buf);
+        return NULL;
+    }
+    return ret;
+}
+
 void av_buffer_default_free(void *opaque, uint8_t *data)
 {
     av_free(data);
@@ -117,8 +127,12 @@ static void buffer_replace(AVBufferRef **dst, AVBufferRef **src)
         av_freep(dst);
 
     if (atomic_fetch_sub_explicit(&b->refcount, 1, memory_order_acq_rel) == 1) {
+        /* b->free below might already free the structure containing *b,
+         * so we have to read the flag now to avoid use-after-free. */
+        int free_avbuffer = !(b->flags_internal & BUFFER_FLAG_NO_FREE);
         b->free(b->opaque, b->data);
-        av_freep(&b);
+        if (free_avbuffer)
+            av_free(b);
     }
 }
 
@@ -378,11 +392,13 @@ AVBufferRef *av_buffer_pool_get(AVBufferPool *pool)
     ff_mutex_lock(&pool->mutex);
     buf = pool->pool;
     if (buf) {
-        ret = av_buffer_create(buf->data, pool->size, pool_release_buffer,
-                               buf, 0);
+        memset(&buf->buffer, 0, sizeof(buf->buffer));
+        ret = buffer_create(&buf->buffer, buf->data, pool->size,
+                            pool_release_buffer, buf, 0);
         if (ret) {
             pool->pool = buf->next;
             buf->next = NULL;
+            buf->buffer.flags_internal |= BUFFER_FLAG_NO_FREE;
         }
     } else {
         ret = pool_alloc_buffer(pool);
diff --git a/libavutil/buffer_internal.h b/libavutil/buffer_internal.h
index 839dc05f8f..bdff1b5b32 100644
--- a/libavutil/buffer_internal.h
+++ b/libavutil/buffer_internal.h
@@ -30,6 +30,11 @@
  * The buffer was av_realloc()ed, so it is reallocatable.
  */
 #define BUFFER_FLAG_REALLOCATABLE (1 << 0)
+/**
+ * The AVBuffer structure is part of a larger structure
+ * and should not be freed.
+ */
+#define BUFFER_FLAG_NO_FREE       (1 << 1)
 
 struct AVBuffer {
     uint8_t *data; /**< data described by this buffer */
@@ -73,6 +78,12 @@ typedef struct BufferPoolEntry {
 
     AVBufferPool *pool;
     struct BufferPoolEntry *next;
+
+    /*
+     * An AVBuffer structure to (re)use as AVBuffer for subsequent uses
+     * of this BufferPoolEntry.
+     */
+    AVBuffer buffer;
 } BufferPoolEntry;
 
 struct AVBufferPool {