[FFmpeg-devel] [PATCH] avcodec/hevcdec: check that the local context list exists before dereferencing it

James Almer jamrial at gmail.com
Thu Feb 11 18:18:58 EET 2021


On 2/10/2021 8:59 PM, Paul B Mahol wrote:
> On Wed, Feb 10, 2021 at 6:57 PM Andreas Rheinhardt <andreas.rheinhardt at gmail.com> wrote:
> 
>> James Almer:
>>> Since the decoder is not flagged as init cleanup capable, hevc_decode_free()
>>> is being called manually if the hevc_decode_extradata() call fails at the end
>>> of hevc_decode_init().
>>> In a frame threading scenario, however, if AVCodec->init() returns an error,
>>> ff_frame_thread_free() will be called regardless of the above flag being set
>>> or not, resulting in hevc_decode_free() being called a second time for the
>>> same context.
>>>
>>> Solve this by ensuring pointers are not dereferenced if they are NULL, and
>>> setting the decoder as init cleanup capable.
>>>
>>> Fixes ticket #9099.
>>>
>>> Signed-off-by: James Almer <jamrial at gmail.com>
>>> ---
>>> Maybe ff_frame_thread_free() should not call AVCodec->close() for thread contexts
>>> where AVCodec->init() failed and FF_CODEC_CAP_INIT_CLEANUP is not set?
>>>
>>
>> Fixing this has been on my to-do list. (The situation is even worse than
>> you describe it: It is possible that AVCodec->close is called on an
>> AVCodecContext whose private_data couldn't be allocated.)
>>
> 
> So how should we proceed? Apply this patch and fix other issues after it?

Applied this patch. The other unchecked allocs are handled in another 
patch, and the ff_frame_thread_init() issues should be fixed by Andreas' 
patch.
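The failure mode discussed above (a codec's close callback running twice on one context after init fails, once from the codec's own error path and once from the frame-threading layer) reduces to making the cleanup routine safe against partially initialised state and repeated calls. The following is an added example and not FFmpeg code: DecCtx, LocalCtx and the dec_* functions are hypothetical stand-ins for a decoder private context with a list of local contexts, written to show the NULL-check-and-clear pattern the patch description refers to.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical decoder private context (not FFmpeg's HEVCContext). */
typedef struct LocalCtx {
    unsigned char *scratch;
} LocalCtx;

typedef struct DecCtx {
    LocalCtx **local_ctx;         /* per-thread local context list */
    int nb_local_ctx;
    unsigned char *extradata_buf; /* allocated last, after extradata parsing */
} DecCtx;

/* Returns 0 on success, -1 on failure. On failure the context is left
 * partially populated, which is exactly what a close callback must cope with.
 * fail_extradata simulates the extradata step failing after the list exists. */
static int dec_init(DecCtx *s, int nb, int fail_extradata)
{
    memset(s, 0, sizeof(*s));
    s->local_ctx = calloc((size_t)nb, sizeof(*s->local_ctx));
    if (!s->local_ctx)
        return -1;
    s->nb_local_ctx = nb;
    for (int i = 0; i < nb; i++) {
        s->local_ctx[i] = calloc(1, sizeof(LocalCtx));
        if (!s->local_ctx[i])
            return -1;
        s->local_ctx[i]->scratch = malloc(64);
        if (!s->local_ctx[i]->scratch)
            return -1;
    }
    if (fail_extradata)
        return -1;
    s->extradata_buf = malloc(16);
    return s->extradata_buf ? 0 : -1;
}

/* Unsafe close: assumes init fully succeeded and that it runs exactly once.
 * A second call on the same context dereferences the freed local_ctx array
 * (use-after-free) and frees every buffer again (double free). */
static void dec_free_unsafe(DecCtx *s)
{
    for (int i = 0; i < s->nb_local_ctx; i++) {
        free(s->local_ctx[i]->scratch);
        free(s->local_ctx[i]);
    }
    free(s->local_ctx);
    free(s->extradata_buf);
}

/* Safe close: check each pointer before dereferencing it and clear it once
 * released, so a repeated call is a no-op. Returns the number of allocations
 * actually released by this call (0 on a repeated call). */
static int dec_free_safe(DecCtx *s)
{
    int released = 0;
    if (s->local_ctx) {
        for (int i = 0; i < s->nb_local_ctx; i++) {
            LocalCtx *l = s->local_ctx[i];
            if (!l)
                continue;
            if (l->scratch) {
                free(l->scratch);
                released++;
            }
            free(l);
            released++;
            s->local_ctx[i] = NULL;
        }
        free(s->local_ctx);
        s->local_ctx = NULL;
        s->nb_local_ctx = 0;
        released++;
    }
    if (s->extradata_buf) {
        free(s->extradata_buf);
        s->extradata_buf = NULL;
        released++;
    }
    return released;
}

/* Mimics the failing path from the thread: init fails, the codec's own error
 * path cleans up, then the threading layer calls close again. Returns the
 * number of allocations released by the second call (expected: 0). */
static int failed_init_then_double_close(int nb)
{
    DecCtx s;
    if (dec_init(&s, nb, 1) == 0)
        return -1;            /* simulated failure did not happen */
    (void)dec_free_safe(&s);  /* manual cleanup on init's error path */
    return dec_free_safe(&s); /* second close from the threading layer */
}

int main(void)
{
    DecCtx s;
    if (dec_init(&s, 2, 0) == 0)
        dec_free_unsafe(&s);  /* fine exactly once on a fully initialised context */
    return failed_init_then_double_close(2) == 0 ? 0 : 1;
}
```

The alternative floated in the patch notes, having the threading layer skip AVCodec->close() for contexts whose init failed without FF_CODEC_CAP_INIT_CLEANUP, moves the responsibility to the caller; the pattern above instead makes the callee idempotent, which also covers the case of a context whose allocations only partly succeeded.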

