From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 24 Apr 2021 13:14:41 +0200
Subject: [FFmpeg-devel] [PATCH 09/14] avcodec/ffv1dec: Fix segfault with frame threading upon error

It is possible for the source state to be NULL, namely if an error happened in the src thread and it never even reached the point of decoding the slices; or if the allocation of src's states failed.

Signed-off-by: Andreas Rheinhardt

--- libavcodec/ffv1dec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 791dc073bf..bddfd8e2fb 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -256,7 +256,10 @@ static int decode_slice(AVCodecContext *c, void *arg) memcpy(pdst, psrc, sizeof(*pdst)); pdst->state = NULL; pdst->vlc_state = NULL; - + if (fssrc->ac && !psrc->state || !fssrc->ac && !psrc->vlc_state) { + ret = AVERROR_INVALIDDATA; + goto fail; + } if (fssrc->ac) { pdst->state = av_malloc_array(CONTEXT_SIZE, psrc->context_count); if (!pdst->state) {
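
Review bot: The added condition `if (fssrc->ac && !psrc->state || !fssrc->ac && !psrc->vlc_state)` mixes `&&` and `||` without parentheses. Precedence makes it evaluate as intended, but it is hard to read and can trigger compiler warnings about unparenthesized `&&` within `||`; consider `if (fssrc->ac ? !psrc->state : !psrc->vlc_state)` or explicit parentheses around each `&&` pair. A short comment at the check noting that the source state can be NULL after an error or a failed allocation in the src thread would keep the rationale next to the code instead of only in the commit message. The check also runs after `pdst->state = NULL;` and `pdst->vlc_state = NULL;`, so the `fail` path (not visible in this hunk) is entered with both destination pointers NULL; it is worth confirming that path tolerates that.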