Message ID | cc6c9ed6c32e98d02bf0b65b900eb6f5d5c6512c.1586068235.git.pross@xvid.org |
---|---|
State | Accepted |
Headers | show |
Series | [FFmpeg-devel,1/2] avcodec/vp9: prevent null pointer use on init_frames() failure | expand |
Context | Check | Description |
---|---|---|
andriy/ffmpeg-patchwork | success | Make fate finished |
On 4/5/2020 3:31 AM, Peter Ross wrote: > --- > libavcodec/vp9.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c > index 7ee375d4d0..c125e22975 100644 > --- a/libavcodec/vp9.c > +++ b/libavcodec/vp9.c > @@ -1216,18 +1216,24 @@ static av_cold int vp9_decode_free(AVCodecContext *avctx) > int i; > > for (i = 0; i < 3; i++) { > + if (s->s.frames[i].tf.f) { > if (s->s.frames[i].tf.f->buf[0]) > vp9_frame_unref(avctx, &s->s.frames[i]); > av_frame_free(&s->s.frames[i].tf.f); > + } > } > av_buffer_pool_uninit(&s->frame_extradata_pool); > for (i = 0; i < 8; i++) { > + if (s->s.refs[i].f) { > if (s->s.refs[i].f->buf[0]) > ff_thread_release_buffer(avctx, &s->s.refs[i]); > av_frame_free(&s->s.refs[i].f); > + } > + if (s->next_refs[i].f) { > if (s->next_refs[i].f->buf[0]) > ff_thread_release_buffer(avctx, &s->next_refs[i]); > av_frame_free(&s->next_refs[i].f); > + } > } ff_thread_release_buffer() (and by extension vp9_frame_unref()) already does a check for ThreadFrame->f then ThreadFrame->f->buf[0], so this can be simplified into simply removing the existing checks here and call ff_thread_release_buffer/vp9_frame_unref unconditionally. See vp9_decode_flush(). > > free_buffers(s); > > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
Signed-off-by: Peter Ross <pross@xvid.org> Reviewed-by: James Almer <jamrial@gmail.com> --- libavcodec/vp9.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c index 7ee375d4d0..2e6cd912a5 100644 --- a/libavcodec/vp9.c +++ b/libavcodec/vp9.c @@ -1216,17 +1216,14 @@ static av_cold int vp9_decode_free(AVCodecContext *avctx) int i; for (i = 0; i < 3; i++) { - if (s->s.frames[i].tf.f->buf[0]) - vp9_frame_unref(avctx, &s->s.frames[i]); + vp9_frame_unref(avctx, &s->s.frames[i]); av_frame_free(&s->s.frames[i].tf.f); } av_buffer_pool_uninit(&s->frame_extradata_pool); for (i = 0; i < 8; i++) { - if (s->s.refs[i].f->buf[0]) - ff_thread_release_buffer(avctx, &s->s.refs[i]); + ff_thread_release_buffer(avctx, &s->s.refs[i]); av_frame_free(&s->s.refs[i].f); - if (s->next_refs[i].f->buf[0]) - ff_thread_release_buffer(avctx, &s->next_refs[i]); + ff_thread_release_buffer(avctx, &s->next_refs[i]); av_frame_free(&s->next_refs[i].f); }
diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c index 7ee375d4d0..c125e22975 100644 --- a/libavcodec/vp9.c +++ b/libavcodec/vp9.c @@ -1216,18 +1216,24 @@ static av_cold int vp9_decode_free(AVCodecContext *avctx) int i; for (i = 0; i < 3; i++) { + if (s->s.frames[i].tf.f) { if (s->s.frames[i].tf.f->buf[0]) vp9_frame_unref(avctx, &s->s.frames[i]); av_frame_free(&s->s.frames[i].tf.f); + } } av_buffer_pool_uninit(&s->frame_extradata_pool); for (i = 0; i < 8; i++) { + if (s->s.refs[i].f) { if (s->s.refs[i].f->buf[0]) ff_thread_release_buffer(avctx, &s->s.refs[i]); av_frame_free(&s->s.refs[i].f); + } + if (s->next_refs[i].f) { if (s->next_refs[i].f->buf[0]) ff_thread_release_buffer(avctx, &s->next_refs[i]); av_frame_free(&s->next_refs[i].f); + } } free_buffers(s);