[FFmpeg-devel] [PATCH] avcodec/bsf: set pctx to NULL when av_bsf_alloc failed
James Almer
jamrial at gmail.com
Sat Jan 16 15:19:48 EET 2021
On 1/16/2021 2:24 AM, Steven Liu wrote:
> av_bsf_free will free invalid pointer when av_bsf_alloc failed.
> because av_bsf_list_parse_str called av_bsf_get_null_filter,
> av_bsf_get_null_filter called av_bsf_alloc, and av_bsf_alloc
> should set a value to the *pctx before return success or failed,
> because it dose not initial a null pointer ever, so it will free
> invalid pointer in av_bsf_free which is called by ff_decode_bsfs_init.
The pointer passed to av_bsf_list_parse_str() in ff_decode_bsfs_init()
is already NULL, because avctx->internal was allocated with av_mallocz().
In what scenario is av_bsf_free() getting an invalid pointer?
>
> Found-by: Zu-Ming Jiang <jjzuming at outlook.com>
> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
> libavcodec/bsf.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libavcodec/bsf.c b/libavcodec/bsf.c
> index d71bc32584..5bb3349138 100644
> --- a/libavcodec/bsf.c
> +++ b/libavcodec/bsf.c
> @@ -141,6 +141,7 @@ int av_bsf_alloc(const AVBitStreamFilter *filter, AVBSFContext **pctx)
> return 0;
> fail:
> av_bsf_free(&ctx);
> + *pctx = NULL;
> return ret;
> }
>
>
More information about the ffmpeg-devel
mailing list