From: Yu Yang
To: ffmpeg-devel@ffmpeg.org
Cc: TOTE Robot, Yu Yang
Date: Fri, 3 Dec 2021 17:43:43 +0800
Message-Id: <20211203094343.66139-1-young_chelsea@163.com>
Subject: [FFmpeg-devel] [PATCH] Exception when frame is set NULL

fftools/ffmpeg.c
When `ost->last_frame` is NULL, 'SEGV' occurs when accessing its pts.

libavutil/frame.c
`ost->last_frame` may be set NULL by av_frame_alloc(). In this situation, av_frame_unref() and av_frame_free() do nothing. Frame is not released.

```c
// in fftools/ffmpeg.c:1145
1145 static void do_video_out(OutputFile *of, ...)
1148 {
         ...
         // `ost->last_frame` is NULL.
1272     av_log(NULL, AV_LOG_VERBOSE,
1273            "*** dropping frame %d from stream %d at ts %"PRId64"\n",
1274            ost->frame_number, ost->st->index, ost->last_frame->pts);
         ...
1421     if (!ost->last_frame) // `ost->last_frame` may be set NULL here.
1422         ost->last_frame = av_frame_alloc();
         ...
1433 }
```

coredump backtrace info:
==7192==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000088 (pc 0x0000005e87e2 bp 0x7fff84f0ffb0 sp 0x7fff84f0f020 T0)
==7192==The signal is caused by a READ memory access.
==7192==Hint: address points to the zero page.
#0 0x5e87e2 in do_video_out /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:1274:68 #1 0x5df341 in reap_filters /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:1548:25 #2 0x5d08b7 in transcode_from_filter /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4644:15 #3 0x59e557 in transcode_step /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4729:20 #4 0x593970 in transcode /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:4805:15 #5 0x58f7a4 in main /home/r1/ffmpeg/ffmpeg-4.4.1/build/src/fftools/ffmpeg.c:5010:9 #6 0x7f0fa9d900b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #7 0x42033d in _start (/home/r1/ffmpeg/ffmpeg_4.4.1+0x42033d) Reported-by: TOTE Robot Signed-off-by: Yu Yang --- fftools/ffmpeg.c | 7 ++++--- libavutil/frame.c | 9 ++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/fftools/ffmpeg.c b/fftools/ffmpeg.c index cfb04d5eff..cade05f762 100644 --- a/fftools/ffmpeg.c +++ b/fftools/ffmpeg.c @@ -1265,9 +1265,10 @@ static void do_video_out(OutputFile *of, if (nb0_frames == 0 && ost->last_dropped) { nb_frames_drop++; - av_log(NULL, AV_LOG_VERBOSE, - "*** dropping frame %d from stream %d at ts %"PRId64"\n", - ost->frame_number, ost->st->index, ost->last_frame->pts); + if (ost->last_frame) + av_log(NULL, AV_LOG_VERBOSE, + "*** dropping frame %d from stream %d at ts %"PRId64"\n", + ost->frame_number, ost->st->index, ost->last_frame->pts); } if (nb_frames > (nb0_frames && ost->last_dropped) + (nb_frames > nb0_frames)) { if (nb_frames > dts_error_threshold * 30) { diff --git a/libavutil/frame.c b/libavutil/frame.c index d4d3ad6988..9c866320a7 100644 --- a/libavutil/frame.c +++ b/libavutil/frame.c 
@@ -111,11 +111,10 @@ AVFrame *av_frame_alloc(void) void av_frame_free(AVFrame **frame) { - if (!frame || !*frame) - return; - - av_frame_unref(*frame); - av_freep(frame); + if (*frame) + av_frame_unref(*frame); + if (frame) + av_freep(frame); } static int get_video_buffer(AVFrame *frame, int align)
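
Review bot: In the fftools/ffmpeg.c hunk, in the `nb0_frames == 0 && ost->last_dropped` branch of do_video_out(), wrapping the whole av_log() call in `if (ost->last_frame)` drops the "dropping frame" message entirely when the frame is NULL, although nb_frames_drop is still incremented and the frame number and stream index are still valid. Consider keeping the log and substituting only the timestamp, for example `ost->last_frame ? ost->last_frame->pts : AV_NOPTS_VALUE`. The commit message attributes the NULL to the unchecked av_frame_alloc() result at lines 1421-1422; checking that return value would address the cause rather than this one read site. If the guard stays, the three-line av_log() statement under the `if` should get braces.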
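
Review bot: In the libavutil/frame.c hunk, the new av_frame_free() evaluates `if (*frame)` before the `if (frame)` test that follows it, so a call with frame == NULL, which the removed `if (!frame || !*frame) return;` handled safely, now reads through a null pointer. The order of the two checks would have to be reversed at minimum, but the rewrite also gains nothing: when `*frame` is NULL there is no frame to unref or free, so the original early return did not leave anything unreleased. Suggest dropping this hunk and keeping the original guard; a library change like this would also be better sent separately from the fftools fix.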