[FFmpeg-devel] [PATCH] fftools/ffmpeg_filter: fix SEGV in choose_pix_fmts after avio_close_dyn_buf

Anton Khirnov anton at khirnov.net
Wed Dec 1 12:40:37 EET 2021


Quoting Steven Liu (2021-12-01 11:27:41)
> Anton Khirnov <anton at khirnov.net> wrote on Wed, Dec 1, 2021 at 6:21 PM:
> >
> > Quoting Steven Liu (2021-12-01 09:37:52)
> > > From: Steven Liu <liuqi05 at kuaishou.com>
> > >
> > > ret could be set to s->opaque->buffer in avio_close_dyn_buf, so it can
> > > be set to NULL, check NULL pointer dereference after it should be ok.
> >
> > I don't understand this reasoning. avio_close_dyn_buf() should produce
> > a non-NULL output buffer if something was written into it. Since this
> > branch is only taken when (enc->pix_fmts != NULL), something should
> > always be written, so the output buffer should be non-NULL and have a
> > non-zero size.
> >
> > Under what circumstances will it happen that the output is NULL?
> 
> ```c
> // in libavformat/aviobuf.c:1294
> 1294 static int dyn_buf_write(void *opaque, uint8_t *buf, int buf_size)
> 1295 {
> ...
> // av_reallocp() could set `opaque->buffer = NULL`; see below;
> 1312 if ((err = av_reallocp(&d->buffer, new_allocated_size)) < 0) {
> ```

So the problem is that memory allocation fails and nothing gets written
in the buffer?

Then it seems more correct to check the return value of avio_printf().

-- 
Anton Khirnov
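
The failure mode discussed in this thread, as a self-contained model added here (not FFmpeg code and not part of the original message): a growable buffer whose reallocation helper frees and NULLs the buffer on failure, and a caller that checks each write's return value instead of touching the result. The names `dynbuf`, `reallocp`, `dynbuf_printf`, `join_names` and the `fail_alloc` test hook are hypothetical.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a dynamic output buffer; not FFmpeg's structures. */
typedef struct { char *buffer; size_t size; int error; } dynbuf;
static int fail_alloc; /* test hook: force reallocation to fail */

/* Same contract as the av_reallocp() call quoted above: on failure the
 * old block is freed and *ptr becomes NULL. */
static int reallocp(char **ptr, size_t n)
{
    char *p = fail_alloc ? NULL : realloc(*ptr, n);
    if (!p) { free(*ptr); *ptr = NULL; return -ENOMEM; }
    *ptr = p;
    return 0;
}

/* Appends formatted text; returns bytes written or a negative error.
 * The first error is latched so later writes cannot hide it. */
static int dynbuf_printf(dynbuf *d, const char *fmt, ...)
{
    char tmp[256];
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(tmp, sizeof(tmp), fmt, ap);
    va_end(ap);
    if (d->error) return d->error;
    if (len < 0 || (size_t)len >= sizeof(tmp)) return d->error = -EINVAL;
    if ((d->error = reallocp(&d->buffer, d->size + len + 1)) < 0) {
        d->size = 0;
        return d->error;
    }
    memcpy(d->buffer + d->size, tmp, (size_t)len + 1);
    d->size += len;
    return len;
}

/* Constructed caller: builds "a|b" from names. Returns NULL on any write
 * error, so the trailing-separator fixup never indexes a missing buffer. */
static char *join_names(const char *const *names, int n)
{
    dynbuf d = {0};
    for (int i = 0; i < n; i++)
        if (dynbuf_printf(&d, "%s|", names[i]) < 0) { free(d.buffer); return NULL; }
    if (d.size) d.buffer[d.size - 1] = '\0'; /* drop trailing '|' */
    return d.buffer;
}
```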

