From patchwork Fri Apr 2 13:25:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 26704 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id EB3A0447DF7 for ; Fri, 2 Apr 2021 16:25:39 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BF639689BBA; Fri, 2 Apr 2021 16:25:39 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-oln040092075040.outbound.protection.outlook.com [40.92.75.40]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 122806880A8 for ; Fri, 2 Apr 2021 16:25:34 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GDZn1c9u775orxQDRytWBMYnx/5xm+pjGKc3PnMG7i64al226OvbeYvRBlBPTcHOZTCNzuJBbmHqCFcg/ib35Qs42fO2UbI8OVSAK3KSOU+x0hjaJ9nk0ch6WnnswhNuws2C8ljQSxDMiG3F0ekQZktNIWfyYhNQn7JSdEPQ0x1U2hOOMd6lWttQ7zdMWapWmMvheRSWFRxiNeuuCwTmUG0YuKG615Yt/6iSblRDlFO37qQOeADzChIQp/zSL3vID0yTjiC08dMYWHvoFfT7tQr94xMjZFidHZeZ5TPfM4Vt6/ubtDGCa0uy4VK2zCRj0S8JugEPKxY+w0qwB4zp0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KuRpOnnlQdarZSl7sxUDu+5p17x62zRlb1OVy8Ec5Vs=; b=PPnzLZYEnRgTONnyT9+T8Of6jp5XeqOPw2auohqdOsV5WVS8UnTbtJSN92anfmjAqmeAj9DaYLQlSvh9yMQLwEvub+E9LvAUMDGu3qi9wKgqlR71dESo8PG+KXpcbd+IRmDWYq/f8g3fJN9jqDru86oKapaKF7V3q23W36eiZdDYa4u4VfvWafN2G/yY2o3D+zpIAXkHcvD0LS0ZgDnODjKMp7xjWzMfQL1XwLvP5tIAQ1cERz+EoxjdEnOrvGkXHXQ5QxL3caKWpy1R95Z+AJxj0XAK+b+1G7rmeUAzFfK4e3ME/iBC4GzEJrYXTmxGSBtOlxoqADLOryiLT0D5Aw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KuRpOnnlQdarZSl7sxUDu+5p17x62zRlb1OVy8Ec5Vs=; b=K4iDcenNPWpz4E8565xR/VDs2Qwd7ygSS9syBfFptfHymfuLTdfevzZWBPS70SXcdNd0I4aSquot1ZDc1IElQGt3nLjnRnnuIchKn3qQuiVthtU//SlwAZ55ajomf0eUllzT8P9ecfbtOW5Yb3JI4CVEXaT9iyxDAOY/WFPnb8u+JM+8zbIhwzZt2yY3MqTDVq8K3KEhjhcd+D4bjTVIgPMs/QQtbktKRtLUHP1TeutK1LKoiXlMDa/fX33N5s+oSDR31L3eCcRtITGhHyr8olCUgRqM7dpTnu9MTmKkbRRL/o3S4PMG5igai1pwxxyCt+SOArtxh6neABxYMgz9Gg== Received: from VI1EUR04FT014.eop-eur04.prod.protection.outlook.com (2a01:111:e400:7e0e::4c) by VI1EUR04HT102.eop-eur04.prod.protection.outlook.com (2a01:111:e400:7e0e::239) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28; Fri, 2 Apr 2021 13:25:32 +0000 Received: from HE1PR0301MB2154.eurprd03.prod.outlook.com (2a01:111:e400:7e0e::43) by VI1EUR04FT014.mail.protection.outlook.com (2a01:111:e400:7e0e::172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28 via Frontend Transport; Fri, 2 Apr 2021 13:25:32 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:2EDA3756022D218C6EAB59FA60C5B2FAADBB2AAD09A7C99EC8E00EE67BD29DC3; UpperCasedChecksum:BF2F2DECC0EFFEE2847EE73BDE89C5C62976444E3F29299C30493659617C0716; SizeAsReceived:7400; Count:46 Received: from HE1PR0301MB2154.eurprd03.prod.outlook.com ([fe80::8128:5de5:4e94:9a21]) by HE1PR0301MB2154.eurprd03.prod.outlook.com ([fe80::8128:5de5:4e94:9a21%3]) with mapi id 15.20.3999.028; Fri, 2 Apr 2021 13:25:32 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Fri, 2 Apr 2021 15:25:21 +0200 Message-ID: X-Mailer: git-send-email 2.27.0 X-TMN: [fCvh3GbaA5VVi954Ezt6n5RhsITRb30C] X-ClientProxiedBy: AM0P190CA0010.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:190::20) To HE1PR0301MB2154.eurprd03.prod.outlook.com (2603:10a6:3:2a::22) X-Microsoft-Original-Message-ID: <20210402132522.2506006-1-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from sblaptop.fritz.box (188.192.137.96) by AM0P190CA0010.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:190::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.28 via Frontend Transport; Fri, 2 Apr 2021 13:25:31 +0000 X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 46 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 4ec40eaa-b044-4d52-8471-08d8f5daca5a X-MS-Exchange-SLBlob-MailProps: gjx25WM8ZNWm3GLoeUntTFXwUkburi0SG3L3o0QEd9I11+0WpVpxsa5dfkZCYSw81uXBX4DFIg4wK092sM5VAkssSlHdmzNaWK12Zt9whIQrIXI8Cp0ph+000/8LAsKNO6uD0JsZypQdqAUBh22RME8qFkwfEi2Bw7E6TpM/nDzWdEQIHdUMRyWa+RQALZ51tIGvyNnYe1JOvpzZPkLOZZz/vNfYt6ldIsuYvO3l/AYNJYZFJRAQIXWrPmp7IRtoTBAoQGsXoXG1NBDC7Jv0QKN94qIvBTA5rzQQxZg10ylJJCK3EmeVAWfS50H8o6EiSynvIFbVz+3QIcCIADYZZg6MVNX1je+CXROFg6yMoPIngTZC5R8GnhQm9B6apsyGsiKZjzUXnESLlGsMOsGlHp+N8RzaeQrvvBreK5taEJPbvLGuy+kGV6+aTDdWyDWn1t4TnaaZN06tRoWkn4T3DKGdqCSr8e89t1EHIoPtlXYy8pilvTTKQOAJ1qLEhCQvHzyptp0gccV2x7HzUbDYxluNUapV0VSQM2QK04dRUfeeptvei9dVZ4eP1nfPf+lzYqPaT5AJH+ZonHXbG2VGMtwB1W5iq61nkRdQjcm8RKuPPDve0+N9ik/+Cph6rWcQMjnYRFBHkJ4+iBmQ8zvclgSgs6K7tafiCYahfIupnBnpLOKY2vN+AGirOCZ/tCgMm4punqbcJqrKucLg6Pd4mLdBup2QRTg78d6huZf7m9c= X-MS-TrafficTypeDiagnostic: VI1EUR04HT102: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Ny6XA78AImM8KnFg7A8x8Az/rXWuHjMBDfONajKgGP8ou3+08TJkZ2aJC0UfaDHGn0v9LrYPXpYq8+UiEASEGZNuCOHLXsOnlcj147HZMOreoWbm/sPoYCXAhrji3vlClGcq90mje7CEwLmIvqfJfDsY4EFIfpwpbaG253kZLKTxl+ch59Lp5y3ZBX9GXqr5oRjZCdm7CGJGRXI67ZbXlosuwdShye/yr7zSc9wkIZE4JC6BxCl+Js4zRVyWjAJa8dEf2ILKgsLLJEzCT+Iu+t/ubEqe1X9xLynHANssmqui+nulW+xeX2I/hMmJr2AeRgxs+mOa8Zc+rvE7mw9d/6Ybzxrzd4NNALysnHY8fTdOxGy7Wu1h32iUftZeYRASft65xp6BrG1afMAE23hG4g== X-MS-Exchange-AntiSpam-MessageData: k/aAoFSre/AKvX0CuHL8O+6RKIIE4/XQFz1zZQPN5LZXgobJ8tWhzYFBu/NF88klLntdTapVEQV1O5IL3TSK+/Eu/DCzt4kQPejoUck9NNtXDiSoRzSLDR1kkWJGM9NoNd1gqNAkluQiZ8G3EvoNkw== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4ec40eaa-b044-4d52-8471-08d8f5daca5a X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Apr 2021 13:25:32.2419 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: VI1EUR04FT014.eop-eur04.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1EUR04HT102 Subject: [FFmpeg-devel] [PATCH 1/2] avcodec/bsf: Fix segfault when freeing half-allocated BSF X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" When allocating a BSF fails, it could happen that the BSF's close function has been called despite a failure to allocate the private data. Signed-off-by: Andreas Rheinhardt --- libavcodec/bsf.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/libavcodec/bsf.c b/libavcodec/bsf.c index d71bc32584..157984bd9a 100644 --- a/libavcodec/bsf.c +++ b/libavcodec/bsf.c @@ -45,14 +45,15 @@ void av_bsf_free(AVBSFContext **pctx) return; ctx = *pctx; - if (ctx->filter->close) - ctx->filter->close(ctx); + if (ctx->internal) { + if (ctx->filter->close) + ctx->filter->close(ctx); + av_packet_free(&ctx->internal->buffer_pkt); + av_freep(&ctx->internal); + } if (ctx->filter->priv_class && ctx->priv_data) av_opt_free(ctx->priv_data); - if (ctx->internal) - av_packet_free(&ctx->internal->buffer_pkt); - av_freep(&ctx->internal); av_freep(&ctx->priv_data); avcodec_parameters_free(&ctx->par_in); @@ -110,20 +111,6 @@ int av_bsf_alloc(const AVBitStreamFilter *filter, AVBSFContext **pctx) ret = AVERROR(ENOMEM); goto fail; } - - bsfi = av_mallocz(sizeof(*bsfi)); - if (!bsfi) { - ret = AVERROR(ENOMEM); - goto fail; - } - ctx->internal = bsfi; - - bsfi->buffer_pkt = av_packet_alloc(); - if (!bsfi->buffer_pkt) { - ret = AVERROR(ENOMEM); - goto fail; - } - /* allocate priv data and init private options */ if (filter->priv_data_size) { ctx->priv_data = av_mallocz(filter->priv_data_size); @@ -136,6 +123,20 @@ int av_bsf_alloc(const AVBitStreamFilter *filter, AVBSFContext **pctx) av_opt_set_defaults(ctx->priv_data); } } + /* Allocate AVBSFInternal; must happen after priv_data has been allocated + * so that a filter->close needing priv_data is never called without. */ + bsfi = av_mallocz(sizeof(*bsfi)); + if (!bsfi) { + ret = AVERROR(ENOMEM); + goto fail; + } + ctx->internal = bsfi; + + bsfi->buffer_pkt = av_packet_alloc(); + if (!bsfi->buffer_pkt) { + ret = AVERROR(ENOMEM); + goto fail; + } *pctx = ctx; return 0;