From patchwork Mon Apr  8 20:14:01 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
X-Patchwork-Id: 47957
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:3f98:b0:1a7:a0dc:8de5 with SMTP id
 ay24csp136950pzb;
        Mon, 8 Apr 2024 13:17:37 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCX1Bt7Pzoj12X/wL+MMlpo7Dx9WP+ulvgdNeQ/YrmMT8X/0wuw1vQq8RnVCLfRwp/zKqMrHCoMeKIYqGTckPGdNSxdMNuo82yGRdg==
X-Google-Smtp-Source: 
 AGHT+IFJgPGlDJSweywcoXurrYC73N2+9XNw6vOJEt7MqqpQ1fnYicyuKS6jzZmz2fbzYdDwQDhu
X-Received: by 2002:a50:d587:0:b0:56e:df1:53e2 with SMTP id
 v7-20020a50d587000000b0056e0df153e2mr7062370edi.22.1712607457645;
        Mon, 08 Apr 2024 13:17:37 -0700 (PDT)
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 i11-20020a50d74b000000b0056dfc9fccf4si4187558edj.472.2024.04.08.13.17.37;
        Mon, 08 Apr 2024 13:17:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@outlook.com
 header.s=selector1 header.b=g6ZHbKee;
       arc=fail (body hash mismatch);
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3E99668D437;
	Mon,  8 Apr 2024 23:16:17 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from EUR05-DB8-obe.outbound.protection.outlook.com
 (mail-db8eur05olkn2086.outbound.protection.outlook.com [40.92.89.86])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4A63268D41E
 for <ffmpeg-devel@ffmpeg.org>; Mon,  8 Apr 2024 23:16:14 +0300 (EEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=l8Rpn/YIYv9vLcPGQj2z9VVMvcNcIStVdk1efOXFTd/qlVSDhq0FtU/Bg7fYdTJBigl27jxUTlzSLpykZoi2wKFlHsQDGUE/pEEwzQT4g3tUkXjo2/Cy1KgOhsAxy8YApd6Uj/1MSpSVE66dC6m6EXWI1/sbkddNtGseTzzbRlepE8b3223nDzrCW32iNEJuhINctQZfHUelK7DTnSWMug5cvqTKh5HMUg7LXFrJxIjNDka52ctSF0sqINNyVFDULEzNOjfRUgrRy0ajzNxg/M+7cwRDqPwwl99qvmpzd9AsLvpZWtB4nY5JMTiNMRQM21DfYEtumbFjqJzzEfcgSw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=GPa7ox3JT4ZEboPb/OHQu9h3vkJZNmKQGA29YMKSii0=;
 b=PhZFZI1FzV/i2N6iMWTJs8dvLwyrfk3Usuq5gxHRP7uIsxrcrWVl2n1NoZnPFxX0SsCgP7YvN/GqLRw+9PgBzwbVpw6bnlibfhvuFLaVtFx1sjH3T25+Ouvbm3VsCJ0L6S6CfZpmZJ2TTJxGt5fOCEiLLFXdURm/zX6Uy3kY8zkA/e+XV911MnzsfbFo/gXCDXMWQmQ4yQeTyEmYMYypB/pRMvTAVWJ4HLTEsYGYSejGBBLdPcVoU77efMYQ/uBrJapk6rY9Gqor1jxfqq19UHvF2jMG/FVxjCdiP3buMM3VqKhbAoquQXUh85lHnVX13QwWrZbW2dp4K33b+YWvFw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=GPa7ox3JT4ZEboPb/OHQu9h3vkJZNmKQGA29YMKSii0=;
 b=g6ZHbKeelrI5V2Ja127lvvc3Ur0KxCaZnd/1umIib3WzMNqNae2HC6X8Zhs5gCQgxoNjeILWhP2XMF4IQdWPcxPZ6t5bOlG6D3zYhzP2h/YakIbbdUsKoxVEwKH1NnFANPqqpzC4pxj7qRkuDrFpwbudED+Nm6qFRUtFBIRCJ27N1aZZfmCbi5MUklzAIDX+R8RreouhZHBf8hv6lieI2tbTLH3rkVv/UeqI4/2neDx1+PeL1btFU8TUf1DtyvhgxSfGxhE8uoFLPTbOd89Sh/7qQUsH768Ws0h0Y5/vG034V5syMbw4LEnvCcVhpBgCCWHngsTjN5lqrbaFNlpgjQ==
Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17)
 by AM8P250MB0171.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:322::18) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.46; Mon, 8 Apr
 2024 20:16:11 +0000
Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 ([fe80::4a3b:cf76:cddc:c68d]) by GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 ([fe80::4a3b:cf76:cddc:c68d%4]) with mapi id 15.20.7409.042; Mon, 8 Apr 2024
 20:16:11 +0000
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
To: ffmpeg-devel@ffmpeg.org
Date: Mon,  8 Apr 2024 22:14:01 +0200
Message-ID: 
 <GV1P250MB0737387A17B44CE87332B14F8F002@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM>
X-Mailer: git-send-email 2.40.1
In-Reply-To: 
 <GV1P250MB073755270DAD40B30BE913B78F002@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM>
References: 
 <GV1P250MB073755270DAD40B30BE913B78F002@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM>
X-TMN: [zUYjPGkk1FbY1TCznpNA7QcJXyfgo8V11R25SS+l5VE=]
X-ClientProxiedBy: ZR0P278CA0124.CHEP278.PROD.OUTLOOK.COM
 (2603:10a6:910:20::21) To GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 (2603:10a6:150:8e::17)
X-Microsoft-Original-Message-ID: 
 <20240408201405.2136840-22-andreas.rheinhardt@outlook.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: GV1P250MB0737:EE_|AM8P250MB0171:EE_
X-MS-Office365-Filtering-Correlation-Id: e70c86bc-0040-46df-2833-08dc5808bb71
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 Ix2xciQs6bOzKQuCaQC1gjjfDRCrhQFBF8sLDdFRMLFSe1Vtc+TjVF/Wwgxp+7wae1ZcWhWxftXpq6jaqkwZ3TiYKDcy0sDlCpUa/Ejv9cS1yTJa+oiqmmmj05NV16LZCLj1QlCkWOtVZJ5lBg+fqlLMFc8XpaxPpK2ru1LsjWmYDs61euU8rwT4Zux9Q5E6IUtZgdOUox/l5cwGsw2GEdWTShaFHFO94SlLZ7YHMc7V9z2JQnB7GfTrzEsE5F3X96U+ugC0+H/sSLKTmTPCIg1SSm8CFQLd1RQdSIHQDAJwZPsNeoTQGF2X2HD1aZPwqVDIVluS/awOPFBUIBhn8JdTTh3sQKPTqhX1U1M+vkUvzCyf2Jd0s45ws8ZBJ7k6HoZxndOoJOazf9GTLqbRe1HLQQIyBkhyWLkCyK+ELSvHPMtMQbx+es9kKK/aUB5vhzAILnQ7arU1BHQrm0jNXfhIHlXu/mctjnAl8cvrgvvHqt1xEOZ2aVwtUf/2mdoxgGnSg9BV8rO/13qiPlKJPSXnbHhxfe09g7TDFsBEcoujLOvkwS2zVr5JcJDQ+5ko8Z6PT8PM5iQw83sJ25JTvQgDxe1ei96ze35isSWBdkLJ5Dg0fKsSxar0kDyRUv+J
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 fwN9rbe4QNmIEIBt5PvhP0phHVuTAyU6AIq0Gah6q2p6VZcR29i2uMmgXtgoSu0HSXQ8G+zYTNY6pSf/CjB4/zqLl0vY11Rxo8LPQaCltCZ4rBhU/V4sggvwlsNWB6BFIj5SgkulEYJpnU64/NNLZ8Kn30Of8QlqKAfgQA3bEF8337pfeXUvo0AswP6newHT/0udx7lUeGa6IcDLuBgxturDj8zPoFlootSqobhD8sOclKjlEbuqlDj+caVfmLD2zx/v5U1kQOkQiG8tLdPawYx50GtDC5QXJOfb5Otzq79SkZQKXH4PgvaAA4piHg4gK7NmbghypJ7M/gauF6XeWqevdfXwvDTkRMVIGkmlXVxtVgrfaVrJrZSWzdY1FKAbmX9m28h0pE7NEuR8UtY0+YwEH3DujeSHf08P2VS5a1xSPawTvVqmz7cnW/larN83sHONHnBFBpWbwZihCUBO5LtPLJQ+ciEo7mbHM4QulBKIKqCgeZ9+Kj8iF6X5kfvbVKvTJOQMQ5pf9WYsFaaAyCBn8pBfktI9joI359qXkdmjMg0LXgItF+IcKjXewVEvRgA7E8F87DDM4Xoxjzj03HD8TfuR3tQvP3mytI7MXb9AG4oaa33qZgytS0dSJalRjbTnNN/fEmMHkoh4JWLOLrPM7V+XpqcxGYhtmaYVTU/NqhXvVomZw6wSWrAyLdIDj2B5edyXO6ckANvzG+Fc5+63dY4aJdvSz5xM5Ffw4a7e4SZmc+v7wCFceuilKeLilPIjbkdps5pqmUb2ulC/c2z5fKVFQz0+fIR9YCO+e4wYHaQnUQhhYVOUh1qgHyk9jTsoMZEVJ6Mmhjbn+dFlM9/bKMcEk+zt3oIxTLLXGqtJY5NE8iu21lnmG9YDnrhfWrOX1cEBkeaiHhkadIBqG+jnGq7bsX2tx8uUaSFEeQFtvWY03osWfDctQVN3sBepq7I/BEAlTMs3RDH6fBXK50ajTTWLvAFMKau0DhFrDDvsw811NuI/S+RwSmWyVX+M5XV4xkLUv4+zNt4HVI7dsh02B/b5NSLGagfuex/iKIsgrvJde+P5ELhshL5FFHqkdzQ1Z65LDUvXoO37ATvtDpyJj1uBPSUANIQPRL+rOaNnwxb+mXrAS+Z62AiRp0TrQPrUfTJdGpTCNe+R6Azqpo7yl+rcbpxT3bke0uz6KYKowMMKrBArJaJcsqZYLxBXWIwIo8nuhZmN+zxmX2fTOYKm8PxvvNQ57vNNa5xY5Td72u8E7s/B2W5i+5xjGVNEiq0FGkxLlP8KUz8kkXELxw==
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 e70c86bc-0040-46df-2833-08dc5808bb71
X-MS-Exchange-CrossTenant-AuthSource: GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Apr 2024 20:16:10.9706 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8P250MB0171
Subject: [FFmpeg-devel] [PATCH v2 23/27] avcodec/rkmppdec: Fix double-free
 on error
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: ux/gh3Tq5hul

After having created the AVBuffer that is put into frame->buf[0],
ownership of several objects (namely an AVDRMFrameDescriptor,
an MppFrame and some AVBufferRefs framecontextref and decoder_ref)
has passed to the AVBuffer and therefore to the frame.
Yet it has nevertheless been freed manually on error
afterwards, which would lead to a double-free as soon
as the AVFrame is unreferenced.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
The rockchip patches are still untested (except for compilation).

 libavcodec/rkmppdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/rkmppdec.c b/libavcodec/rkmppdec.c
index 7665098c6a..6889545b20 100644
--- a/libavcodec/rkmppdec.c
+++ b/libavcodec/rkmppdec.c
@@ -463,8 +463,8 @@ static int rkmpp_retrieve_frame(AVCodecContext *avctx, AVFrame *frame)
 
             frame->hw_frames_ctx = av_buffer_ref(decoder->frames_ref);
             if (!frame->hw_frames_ctx) {
-                ret = AVERROR(ENOMEM);
-                goto fail;
+                av_frame_unref(frame);
+                return AVERROR(ENOMEM);
             }
 
             return 0;