[FFmpeg-cvslog] avcodec/dnxhdenc: Fix segfault when using too many slice threads

Andreas Rheinhardt git at videolan.org
Wed Jan 12 02:51:14 EET 2022


ffmpeg | branch: release/4.4 | Andreas Rheinhardt <andreas.rheinhardt at outlook.com> | Thu May  6 01:47:57 2021 +0200| [2de8235791dbc10087573d40eb81e1653993b2ab] | committer: Andreas Rheinhardt

avcodec/dnxhdenc: Fix segfault when using too many slice threads

The DNXHD encoder's context contains an array of 32 pointers to
DNXHDEncContexts used in case of slice threading; when trying
to use more than 32 threads with slice threading, the encoder's init
function errors out, but the close function takes avctx->thread_count
at face value and tries to free inexistent elements of the array,
leading to potential crashes.

Fix this by modifying the check used to decide whether the slice
contexts should be freed.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
(cherry picked from commit eb583b3cb98797e8e815b7432f90cae8e8d52794)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2de8235791dbc10087573d40eb81e1653993b2ab
---

 libavcodec/dnxhdenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/dnxhdenc.c b/libavcodec/dnxhdenc.c
index 2461c51727..31ae147433 100644
--- a/libavcodec/dnxhdenc.c
+++ b/libavcodec/dnxhdenc.c
@@ -1353,7 +1353,7 @@ static av_cold int dnxhd_encode_end(AVCodecContext *avctx)
     av_freep(&ctx->qmatrix_c16);
     av_freep(&ctx->qmatrix_l16);
 
-    if (avctx->active_thread_type == FF_THREAD_SLICE) {
+    if (ctx->thread[1]) {
         for (i = 1; i < avctx->thread_count; i++)
             av_freep(&ctx->thread[i]);
     }



More information about the ffmpeg-cvslog mailing list