From patchwork Tue Dec 19 14:16:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhao Zhili X-Patchwork-Id: 45242 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:1225:b0:181:818d:5e7f with SMTP id v37csp8043888pzf; Tue, 19 Dec 2023 06:17:26 -0800 (PST) X-Google-Smtp-Source: AGHT+IFH5tJkr5k5xOi4OvoRnIv8oic+Ep9exVtSSxpwRQWfWJMCq6Hh3j2m4ztZL7ZmXqwNXVbg X-Received: by 2002:a05:651c:19a7:b0:2cc:75ce:be5f with SMTP id bx39-20020a05651c19a700b002cc75cebe5fmr3417735ljb.5.1702995446023; Tue, 19 Dec 2023 06:17:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702995445; cv=none; d=google.com; s=arc-20160816; b=S3ifgOCMCeHs1sMhjRwy2Rsky2bOWXU/+mPbOf0qCwQdNpU6lAxMik9UHP1iN828oc 2ljZj/wVn6zQ66297cSG7fUeuaYrAT7Dy4huK/RT1rmkUb++jM4MHtf6eH00JXWunVo2 MgQHghf+WDbXqtIaHFI4Fejdcf7AiNLkSnFSMmTuxbqHyKnmJXAwYDMkxs14kb2PAwgX Wc8N5lvxLY212Fz7Q6SMeEUxQy8gYkGbsnbFj3N8i5xNhZyg/7RxQuMNrCRQnNuncZNS JkIPyiupQBm6WBgEBpSMmXlLPfgZaU2x6SAMb665UbUOgChxaWA0tBFpH4QP9gB7i/3F /wNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:mime-version:date:to:from:message-id :dkim-signature:delivered-to; bh=WTF/j9YXwHZ2yIQZN+RFq+cIAwW/9AaP0+hoVH0WJ6Y=; fh=HnHYuZ9XgUo86ZRXTLWWmQxhslYEI9B9taZ5X1DLFfc=; b=uqII0CxgsaVhKm9xNo7fVcWZW2cLkODdiI0lb0W+AWsOwCNt9rpb9/3jySFtiZU81E MsOUsrXLZseUAUdF/gD4O/cSAOiw1j8dJeiVijCK9ktPmmthOq2ZUzLZx7PixjcTWhe+ mEXC8L7eaLVJLQfUWOLFe9k4QTlbyYpuUbvBeHFZ6hw25xFJB7izzhRIyfVzPs0HkY4y nkR0CBkRDuB/WWy3+I+w3XkuKW0gWz651WSIyarKlHmjav1j/lGkjht18dsvS3Jj9V0O d/JV6ILyTA6WT2eqToiviTTs0mcPkcHgcWZD9YawfJytNNrPKsbj7fXIOyDFbWZ4Xzmx 6amQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@foxmail.com header.s=s201512 header.b=x9yh2XUM; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=foxmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id cz27-20020a0564021cbb00b005537e397456si1001056edb.691.2023.12.19.06.17.08; Tue, 19 Dec 2023 06:17:25 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@foxmail.com header.s=s201512 header.b=x9yh2XUM; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=foxmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C886C68D16A; Tue, 19 Dec 2023 16:17:05 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from out162-62-58-216.mail.qq.com (out162-62-58-216.mail.qq.com [162.62.58.216]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3B01268CDDF for ; Tue, 19 Dec 2023 16:16:58 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foxmail.com; s=s201512; t=1702995409; bh=F0uIYGcKxDUxu4RPknep+GuyhCUThsdW2NIIlPkEU4o=; h=From:To:Cc:Subject:Date; b=x9yh2XUMQpMUUcmZ3VluC7ombkDm7dj5wYwdRKe02aBgpr3l7fRRCYx9nlDDZ1Ha/ mi9HrtIjQdfbbaeDJNm+52JUPVH7BTZfHzeoCHRGxJ0SFkZQ9kONFPC2BIQ30pyTUJ cRYqW18/gp0eGYplN+5vA+TWQvMn1JvHQevSWr6I= Received: from localhost.localdomain ([121.34.202.210]) by newxmesmtplogicsvrsza10-0.qq.com (NewEsmtp) with SMTP id 430B9A3D; Tue, 19 Dec 2023 22:16:48 +0800 X-QQ-mid: xmsmtpt1702995408tj3j100ne Message-ID: X-QQ-XMAILINFO: N2/jAoEINgTT1aXRTY/VYC3z1POePMGFllsuaU7z3SblPgz6qAuzlbX+7Op05W hWtE3yRoP7cvUfCel9clCaUNusJPp7ynAkookntW1O0AznYkW58TFAoGLv4WraT4Ov3RN+qq0XqE uuRs0whG4fY22rToY8xdPqRVwj6x+00JAKp8TUzozfs9/NL1XDzgvmdOSsN9JVKpnvn8Zfq4kgyp XQDYLdI3+W1YU89TGsLWLQuog2k9EK3D4OQjYxPWdqY/sosMmj5ISMjfMQMuNMoF/pCj7Opmz1Gm snPZ01GR5Y/+ZlHamM6vkXbeOwyQ0gmziWux4v+5dMzg/umyrpU6pzduthSnp2zQxgkwBhrJCHPP 0IHdnKvGKGh/cLYeMxcrY3aNiobpnOq6mjnyc+ZexJX09GbqL5B3f75mEHAyyPEkR5xS9ToY7hOG 3LuVPn/qLQO8KxFyHlgFf6tkxE77xVI0FtM3wsz56jKUE6OLEsDnBUNLl3MzNl/oBo3Rph4ETDUw Y6x5s/YvwucWc0SgaZxnTJ/mVFfD/VvlIP0E6xlUn+JsEU6be2qI43z3WoOkkp/lPuVDTfwNLnnT LZA9X0p9frcA6ENAnzwt3jOkCoBRs0cSTPR46Qs7U04piJC2gQAdwMV4bKrrZ+1hd3z+wtKjEguI Z3lTcVRzxwMjuzjNpnO+Xt4sn6VkRDs97uTflMikl2oSKLEg+HU/Kp0tziBY+5Yf38skMJ/mmB1n lVvO4aBIPjM/5Wu9J3/868b9AETA89vdTJnmn86Gw5njMOGtjp4oxJLNUmPqbRmBVLYiS5qYaWEl YZZobQfKUAg0BUsg+DKUrkoLdMDcE7qRbCaz/KaDqLhcP8syp3qQScx0cepEhaUUYQLslXiQgSTp euSVKXK3YEittluwzaJsYqUr5+RLDFhbFPBPU6n0TeO5qQh6ezvlDnEGlhbi1dKJzAANS8OrNzak P+0ZaWXFmfwDqnQY8y5wK5p4oNMx6K4BYYTaSAb5gzQPT9Eq8wWg== X-QQ-XMRINFO: M/715EihBoGSf6IYSX1iLFg= From: Zhao Zhili To: ffmpeg-devel@ffmpeg.org Date: Tue, 19 Dec 2023 22:16:43 +0800 X-OQ-MSGID: <20231219141643.212131-1-quinkblack@foxmail.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v3 1/3] fftools/ffmpeg_filter: fix NULL pointer dereference X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Zhao Zhili Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: F879IKwvsUIY From: Zhao Zhili In close_output(), a dummy frame is created with format NONE passed to enc_open(), which doesn't prepare for it. The NULL pointer dereference happened at av_pix_fmt_desc_get(enc_ctx->pix_fmt)->comp[0].depth. When fgt.graph is NULL, skip fg_output_frame() since there is nothing to output. frame #0: 0x0000005555bc34a4 ffmpeg_g`enc_open(opaque=0xb400007efe2db690, frame=0xb400007efe2d9f70) at ffmpeg_enc.c:235:44 frame #1: 0x0000005555bef250 ffmpeg_g`enc_open(sch=0xb400007dde2d4090, enc=0xb400007e4e2daad0, frame=0xb400007efe2d9f70) at ffmpeg_sched.c:1462:11 frame #2: 0x0000005555bee094 ffmpeg_g`send_to_enc(sch=0xb400007dde2d4090, enc=0xb400007e4e2daad0, frame=0xb400007efe2d9f70) at ffmpeg_sched.c:1571:19 frame #3: 0x0000005555bee01c ffmpeg_g`sch_filter_send(sch=0xb400007dde2d4090, fg_idx=0, out_idx=0, frame=0xb400007efe2d9f70) at ffmpeg_sched.c:2154:12 frame #4: 0x0000005555bcf124 ffmpeg_g`close_output(ofp=0xb400007e4e2d85b0, fgt=0x0000007d1790eb08) at ffmpeg_filter.c:2225:15 frame #5: 0x0000005555bcb000 ffmpeg_g`fg_output_frame(ofp=0xb400007e4e2d85b0, fgt=0x0000007d1790eb08, frame=0x0000000000000000) at ffmpeg_filter.c:2317:16 frame #6: 0x0000005555bc7e48 ffmpeg_g`filter_thread(arg=0xb400007eae2ce7a0) at ffmpeg_filter.c:2836:15 frame #7: 0x0000005555bee568 ffmpeg_g`task_wrapper(arg=0xb400007d8e2db478) at ffmpeg_sched.c:2200:21 Signed-off-by: Zhao Zhili --- fftools/ffmpeg_filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fftools/ffmpeg_filter.c b/fftools/ffmpeg_filter.c index 9fc877b437..f175ca7918 100644 --- a/fftools/ffmpeg_filter.c +++ b/fftools/ffmpeg_filter.c @@ -2835,7 +2835,7 @@ read_frames: for (unsigned i = 0; i < fg->nb_outputs; i++) { OutputFilterPriv *ofp = ofp_from_ofilter(fg->outputs[i]); - if (fgt.eof_out[i]) + if (fgt.eof_out[i] || !fgt.graph) continue; ret = fg_output_frame(ofp, &fgt, NULL);