[FFmpeg-devel] [PATCH v1] libavcodec/pthread_frame: fix crash that call method ff_frame_thread_init failed because of mem insufficient
徐慧书
javashu2012 at gmail.com
Mon Oct 19 09:26:25 EEST 2020
Andreas Rheinhardt <andreas.rheinhardt at gmail.com> 于2020年10月16日周五 下午4:46写道:
> javashu2012 at gmail.com:
> > From: xuhuishu <xuhuishu.xhs at alibaba-inc.com>
> >
> > Signed-off-by: xuhuishu <xuhuishu.xhs at alibaba-inc.com>
> > ---
> > libavcodec/pthread_frame.c | 23 ++++++++++++-----------
> > 1 file changed, 12 insertions(+), 11 deletions(-)
> >
> > diff --git a/libavcodec/pthread_frame.c b/libavcodec/pthread_frame.c
> > index f8a01ad8cd..2babeb4a6a 100644
> > --- a/libavcodec/pthread_frame.c
> > +++ b/libavcodec/pthread_frame.c
> > @@ -795,6 +795,11 @@ int ff_frame_thread_init(AVCodecContext *avctx)
> > pthread_cond_init(&p->progress_cond, NULL);
> > pthread_cond_init(&p->output_cond, NULL);
> >
> > + if (!copy) {
> > + err = AVERROR(ENOMEM);
> > + goto error;
> > + }
> > +
> > p->frame = av_frame_alloc();
> > if (!p->frame) {
> > av_freep(©);
> > @@ -802,22 +807,18 @@ int ff_frame_thread_init(AVCodecContext *avctx)
> > goto error;
> > }
> >
> > - p->parent = fctx;
> > - p->avctx = copy;
> > -
> > - if (!copy) {
> > + AVCodecInternal *internal = av_malloc(sizeof(AVCodecInternal));
> > + if (!internal) {
> > + av_freep(©);
> > err = AVERROR(ENOMEM);
> > goto error;
> > }
> >
> > - *copy = *src;
> > + p->parent = fctx;
> > + p->avctx = copy;
> >
> > - copy->internal = av_malloc(sizeof(AVCodecInternal));
> > - if (!copy->internal) {
> > - copy->priv_data = NULL;
> > - err = AVERROR(ENOMEM);
> > - goto error;
> > - }
> > + *copy = *src;
> > + copy->internal = internal;
> > *copy->internal = *src->internal;
> > copy->internal->thread_ctx = p;
> > copy->internal->last_pkt_props = &p->avpkt;
> >
> How did you test this? Because it does not completely fix the issue:
> ff_frame_thread_free() thinks that i+1 AVCodecContexts are to be freed,
> but in case of error the last one is not properly initialized. E.g. if
> allocating the copy's priv_data fails, ff_frame_thread_free() will
> nevertheless attempt to call the codec's close function. And the same
> happens when init fails even when the codec does not have the
> FF_CODEC_CAP_INIT_CLEANUP set.
>
> - Andreas
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
so sorry, This is my first ffmpeg patch submission, and I started to plan
to submit it twice, which is very wrong.
I have resubmitted it, I hope you see if there is anything else
More information about the ffmpeg-devel
mailing list