[FFmpeg-cvslog] avcodec/nvdec: don't free NVDECContext->bitstream

James Almer git at videolan.org
Wed Feb 7 16:49:24 EET 2024 

ffmpeg | branch: release/5.0 | James Almer <jamrial at gmail.com> | Tue Feb  6 19:50:33 2024 -0300| [4f9c230f42d9f9b0246c64d0e389b702bff84c31] | committer: James Almer

avcodec/nvdec: don't free NVDECContext->bitstream

Ensure all hwaccels that allocate a buffer use NVDECContext->bitstream_internal
instead. Otherwise, if FFHWAccel->end_frame() isn't called before
FFHWAccel->uninit(), an attempt to free a stale pointer to memory not owned by
the hwaccel could take place.

Reviewed-by: Timo Rothenpieler <timo at rothenpieler.org>
Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4f9c230f42d9f9b0246c64d0e389b702bff84c31
---

 libavcodec/nvdec.c      | 2 +-
 libavcodec/nvdec_h264.c | 4 ++--
 libavcodec/nvdec_hevc.c | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/libavcodec/nvdec.c b/libavcodec/nvdec.c
index 251be039a8..4a085e1a63 100644
--- a/libavcodec/nvdec.c
+++ b/libavcodec/nvdec.c
@@ -263,8 +263,8 @@ int ff_nvdec_decode_uninit(AVCodecContext *avctx)
 {
     NVDECContext *ctx = avctx->internal->hwaccel_priv_data;
 
-    av_freep(&ctx->bitstream);
     av_freep(&ctx->bitstream_internal);
+    ctx->bitstream           = NULL;
     ctx->bitstream_len       = 0;
     ctx->bitstream_allocated = 0;
 
diff --git a/libavcodec/nvdec_h264.c b/libavcodec/nvdec_h264.c
index 116bd4fb5d..a9ccd6d53b 100644
--- a/libavcodec/nvdec_h264.c
+++ b/libavcodec/nvdec_h264.c
@@ -137,11 +137,11 @@ static int nvdec_h264_decode_slice(AVCodecContext *avctx, const uint8_t *buffer,
     const H264SliceContext *sl = &h->slice_ctx[0];
     void *tmp;
 
-    tmp = av_fast_realloc(ctx->bitstream, &ctx->bitstream_allocated,
+    tmp = av_fast_realloc(ctx->bitstream_internal, &ctx->bitstream_allocated,
                           ctx->bitstream_len + size + 3);
     if (!tmp)
         return AVERROR(ENOMEM);
-    ctx->bitstream = tmp;
+    ctx->bitstream = ctx->bitstream_internal = tmp;
 
     tmp = av_fast_realloc(ctx->slice_offsets, &ctx->slice_offsets_allocated,
                           (ctx->nb_slices + 1) * sizeof(*ctx->slice_offsets));
diff --git a/libavcodec/nvdec_hevc.c b/libavcodec/nvdec_hevc.c
index 590278ba04..1f2b5ae9d0 100644
--- a/libavcodec/nvdec_hevc.c
+++ b/libavcodec/nvdec_hevc.c
@@ -273,11 +273,11 @@ static int nvdec_hevc_decode_slice(AVCodecContext *avctx, const uint8_t *buffer,
     NVDECContext *ctx = avctx->internal->hwaccel_priv_data;
     void *tmp;
 
-    tmp = av_fast_realloc(ctx->bitstream, &ctx->bitstream_allocated,
+    tmp = av_fast_realloc(ctx->bitstream_internal, &ctx->bitstream_allocated,
                           ctx->bitstream_len + size + 3);
     if (!tmp)
         return AVERROR(ENOMEM);
-    ctx->bitstream = tmp;
+    ctx->bitstream = ctx->bitstream_internal = tmp;
 
     tmp = av_fast_realloc(ctx->slice_offsets, &ctx->slice_offsets_allocated,
                           (ctx->nb_slices + 1) * sizeof(*ctx->slice_offsets));

More information about the ffmpeg-cvslog mailing list