From patchwork Sat May 30 23:32:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 20024 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id A847E44B0E0 for ; Sun, 31 May 2020 02:32:29 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8909968A4D4; Sun, 31 May 2020 02:32:29 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-qv1-f66.google.com (mail-qv1-f66.google.com [209.85.219.66]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9A22E68835E for ; Sun, 31 May 2020 02:32:22 +0300 (EEST) Received: by mail-qv1-f66.google.com with SMTP id f89so2857759qva.3 for ; Sat, 30 May 2020 16:32:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=7w0xhe3a+kHAiapqYXMymUuxzmr0unnPuuD872etCDM=; b=SbBLKFfkOPGDXGTiwhXLs8fPlOOQQA0igK8xRVRMpVHxhpSpAZD8LLQhAt157mydWO BHL6JVyRTs2sh6elBCSVUKVwzCZhBGyS3az4kGdtOZQeN/GqqgZW+02jxjEvEvDIGIu6 Ix2dpdG0WwGKrkE3FrxiWNHK9pjn9xjCTrVjwiZEo6kSap9I4/8C0NZJuRobOqNvHn5F KpB0LW7YSWxP4io0M0u4oNYQQG+qj6ZYUvJC6oslRc25wpaqpkraMki1YWcDWJxJ0iB5 FDz93m5ioIdq+e80advPrVvn74myHTi0iTFriDcf1p1iYUgEnZvgObvok9jHihkpjkkY BEdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=7w0xhe3a+kHAiapqYXMymUuxzmr0unnPuuD872etCDM=; b=DoER72fAj9qvPfu0Rgi6hKkhHQal1FytZalctWo6fHdDXHD9hL3lt/0gxVJZIHVEIN ltf2RKFBQuR6NNf0cGOEQ6Gh+cZZPWHapOD/C+dzYesCSdW2YMqEueZZWD0OqDm3oqZ7 OrhtJe98O1rsiERB9DCImZSXg+SF5rskoLCDAGwQkf8qeO5K3VIPVAlYtxlmun81gS10 7TYa87Lro/u43y89IRFiGqkby0yAtCaUgiuwvQVUQ2vVGWYTLgM2xJSsVlsPrr+cxfJU ulcGsNvNUNdUxRr2T5dVSZHhpjcRfUg0e+zqNs1Th5IEcaTPwvU+daFA6YzHlmqtOPCM Z3Kw== X-Gm-Message-State: AOAM531GYsgLyzX/SZx32/HC/gC4GeMu4GSWJWkEM5WuYqqx/DLPhhc5 kISfwWUw8SeoIz8wCCsIIUQL6x5X X-Google-Smtp-Source: ABdhPJwVOh7kl7J+fR3LTAf4L7BZPwUo5ujCFXgZ3zMvusmPQPiyp4Rxh/s2aLKysneeIYdnPI9Riw== X-Received: by 2002:ad4:56f1:: with SMTP id cr17mr14532209qvb.91.1590881540765; Sat, 30 May 2020 16:32:20 -0700 (PDT) Received: from localhost.localdomain ([181.23.72.208]) by smtp.gmail.com with ESMTPSA id v53sm10821072qtv.10.2020.05.30.16.32.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 30 May 2020 16:32:20 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Sat, 30 May 2020 20:32:03 -0300 Message-Id: <20200530233204.683-1-jamrial@gmail.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 1/2] avutil/buffer: add a mention that some arguments from av_buffer_pool_init2() may be NULL X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: James Almer --- libavutil/buffer.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavutil/buffer.h b/libavutil/buffer.h index e0f94314f4..aa611fee8a 100644 --- a/libavutil/buffer.h +++ b/libavutil/buffer.h @@ -252,14 +252,15 @@ AVBufferPool *av_buffer_pool_init(int size, AVBufferRef* (*alloc)(int size)); * Allocate and initialize a buffer pool with a more complex allocator. * * @param size size of each buffer in this pool - * @param opaque arbitrary user data used by the allocator + * @param opaque arbitrary user data used by the allocator. May be NULL. * @param alloc a function that will be used to allocate new buffers when the * pool is empty. * @param pool_free a function that will be called immediately before the pool * is freed. I.e. after av_buffer_pool_uninit() is called * by the caller and all the frames are returned to the pool * and freed. It is intended to uninitialize the user opaque - * data. + * data. May be NULL if the opaque data doesn't need to be + * uninitialized. * @return newly created buffer pool on success, NULL on error. */ AVBufferPool *av_buffer_pool_init2(int size, void *opaque, From patchwork Sat May 30 23:32:04 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 20025 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 9A00644B0E0 for ; Sun, 31 May 2020 02:32:31 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 844E468A8AA; Sun, 31 May 2020 02:32:31 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-qv1-f65.google.com (mail-qv1-f65.google.com [209.85.219.65]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CBF2668A26E for ; Sun, 31 May 2020 02:32:23 +0300 (EEST) Received: by mail-qv1-f65.google.com with SMTP id ec10so252055qvb.5 for ; Sat, 30 May 2020 16:32:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=wJ043i9eUmdYDS3eMxrV0vNU2gurpM9OxDMmEMVp290=; b=RHbk8jBggSzXzEa+NBqtnosJLPV4uRQetWvD3gW/IOGApArTZsMeOovt4vlgrGL9MZ Z8ko9EDIqIX91yW5N4aW+YOvGWtfVf+5GXTiC0AQwF6i2dt5OcuvC6hdstYPCBNClsWy P5eXUOJvrBMOzy5hOF6o5N7xSuX8IbO9rDloZwf3Ttzf5fn7OlpAgi60A3iykOev2jS8 +FDqdNrEtFOlMC7UFRegsynvvmbeXLZNiIADXggplT9fn1OjedC0cgO01qKqMrnTtgkG kMJ3JjcBom3L1jLhR+5na9SL0588JHZqjyma0jGEnphFoWD+SXtc/04NQenm4yd6O5kI vizw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=wJ043i9eUmdYDS3eMxrV0vNU2gurpM9OxDMmEMVp290=; b=k1pBrQH/V/BPYQVRevy5YtBGWnghk01ozMYRfMXKoYvTA5wyxB47nj1EnK0YK6dalH OlJqm5Ya9qFfgF2mD9si80aYtJemNwhgyWcnx+k9/bHRDR2YqDK9nMkOUrTdYaiGyQyv kALbFkQk4f0kE5zCxyl8z5xZLrrgy18l3j6t1ckfYQA7mKdYb+OBCrVuDGF66nModCOo k2YZWpvPkybMNo7FaZt/mqMQHiOZMNU9raZzAGzLniWUYmnL916fhpHiQMWX6Wzplweo GUP7iZ1EdZpUhhbkXlHUco8aktoOv4oo704ZcYZzs1wgAk62sBkVGwM+R6AcRo+RwLY3 ibEg== X-Gm-Message-State: AOAM530y8R5n12HzrJy+MSp4EdpDrxEI+Io5zuCIGCjidg0+YGhzqAaP C4NjGnIrO+w7tYYzVmooA3Nb0+PF X-Google-Smtp-Source: ABdhPJxIaPVI03zFu3kXfR4dHgrIiypbCYMP/1LofkD3UoSLN6gBG2wNQ495Uk8F276zQV5xB8oqOg== X-Received: by 2002:a0c:eb50:: with SMTP id c16mr14458886qvq.202.1590881542111; Sat, 30 May 2020 16:32:22 -0700 (PDT) Received: from localhost.localdomain ([181.23.72.208]) by smtp.gmail.com with ESMTPSA id v53sm10821072qtv.10.2020.05.30.16.32.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 30 May 2020 16:32:21 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Sat, 30 May 2020 20:32:04 -0300 Message-Id: <20200530233204.683-2-jamrial@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200530233204.683-1-jamrial@gmail.com> References: <20200530233204.683-1-jamrial@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/2] avutil/buffer: reject NULL as argument for the av_buffer_pool_init2() alloc callback X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" This prevents NULL pointer dereference crashes when calling av_buffer_pool_get() using the resulting pool. Signed-off-by: James Almer --- libavutil/buffer.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavutil/buffer.c b/libavutil/buffer.c index 6d9cb7428e..6fe8f19c39 100644 --- a/libavutil/buffer.c +++ b/libavutil/buffer.c @@ -220,7 +220,11 @@ AVBufferPool *av_buffer_pool_init2(int size, void *opaque, AVBufferRef* (*alloc)(void *opaque, int size), void (*pool_free)(void *opaque)) { - AVBufferPool *pool = av_mallocz(sizeof(*pool)); + AVBufferPool *pool; + + if (!alloc) + return NULL; + pool = av_mallocz(sizeof(*pool)); if (!pool) return NULL;