[FFmpeg-devel] [PATCH v1 1/3] avcodec: v4l2_m2m: fix races around freeing data on close
sw at jkqxz.net
Sun Jan 21 02:46:15 EET 2018
On 09/01/18 22:56, Jorge Ramirez-Ortiz wrote:
> From: Mark Thompson <sw at jkqxz.net>
> Refcount all of the context information. This also fixes a potential
> segmentation fault when accessing freed memory (buffer returned after
> the codec has been closed).
> Tested-by: Jorge Ramirez-Ortiz <jorge.ramirez.ortiz at gmail.com>
> libavcodec/v4l2_buffers.c | 32 ++++++++++------
> libavcodec/v4l2_buffers.h | 6 +++
> libavcodec/v4l2_m2m.c | 93 +++++++++++++++++++++++++++++------------------
> libavcodec/v4l2_m2m.h | 35 ++++++++++++++----
> libavcodec/v4l2_m2m_dec.c | 22 +++++++----
> libavcodec/v4l2_m2m_enc.c | 22 +++++++----
> 6 files changed, 140 insertions(+), 70 deletions(-)
I've done some more testing of this set on s5p-mfc. I still don't like the residual use of atomics in what I wrote, but it is overall a bit better than before so I've applied the whole set.
* There's a timestamp overflow case, patch follows.
* Reinitialisation still fails in some cases - decoding fate/h264/reinit-large_420_8-to-small_420_8.h264 currently hangs. That needs more investigation, which I haven't done.
* valgrind still shows leaks when h264_mp4toannexb feeds the decoder, but the bsf doesn't show it in isolation. Buffer references leaking in the decoder somehow?
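The lifetime rule the quoted commit message describes (refcount the context so a buffer returned after close never touches freed memory), as an added example that is not part of the original mail and not FFmpeg's code. All type and function names are hypothetical, the demo is single-threaded, and real code would also need to synchronise access to the `device_open` flag:

```c
#include <stdatomic.h>
#include <stdlib.h>
/* All names are hypothetical; this is not FFmpeg's v4l2_m2m code. */
static int live_contexts;   /* constructed counter so the free is observable */
typedef struct CodecCtx {
    atomic_int refs;        /* one for the codec, plus one per exported buffer */
    int device_open;        /* stands in for the V4L2 device handle */
} CodecCtx;
typedef struct Buffer { CodecCtx *owner; } Buffer;

static CodecCtx *ctx_alloc(void) {
    CodecCtx *c = calloc(1, sizeof(*c));
    if (!c) return NULL;
    atomic_init(&c->refs, 1);           /* the codec's own reference */
    c->device_open = 1;
    live_contexts++;
    return c;
}

static void ctx_unref(CodecCtx *c) {    /* old value 1 means last reference */
    if (atomic_fetch_sub(&c->refs, 1) == 1) { live_contexts--; free(c); }
}

/* Handing a buffer to the caller takes a reference on the context. */
static void buffer_export(Buffer *b, CodecCtx *c) {
    atomic_fetch_add(&c->refs, 1);
    b->owner = c;
}

/* Caller's release callback, possibly after codec_close(); 1 = requeued. */
static int buffer_release(Buffer *b) {
    CodecCtx *c = b->owner;
    int requeue = c->device_open;       /* safe: this buffer's reference keeps c alive */
    b->owner = NULL;
    ctx_unref(c);
    return requeue;
}

/* Close drops only the codec's own reference instead of freeing outright. */
static void codec_close(CodecCtx *c) { c->device_open = 0; ctx_unref(c); }

int main(void) {
    CodecCtx *c = ctx_alloc();
    Buffer b;
    if (!c) return 1;
    buffer_export(&b, c);
    codec_close(c);                     /* b's reference keeps c alive */
    return buffer_release(&b);          /* last reference: freed here; 0 = not requeued */
}
```

Running the same sequence under valgrind or AddressSanitizer with `codec_close()` changed to call `free()` directly shows the invalid read in `buffer_release()` that the refcount prevents.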