[Libav-user] Array bounds error while reading from ffmpeg data array using Purify

"René J.V. Bertin" rjvbertin at gmail.com
Wed Dec 26 13:50:44 CET 2012


On Dec 26, 2012, at 06:52, Navin wrote:
>        g_pFrameRGB = avcodec_alloc_frame();
>        if (NULL == g_pFrameRGB)  return false;
> 
>        uint8_t* pbuffer = NULL;
>        g_numBytes = avpicture_get_size(PIX_FMT_RGB24, g_metadata->WIDTH, g_metadata->HEIGHT);
>        pbuffer = (uint8_t *) av_malloc(g_numBytes * sizeof(uint8_t));//TODO: exception handling may be required for allocs
> 
>        g_sws_ctx = sws_getContext(g_metadata->WIDTH, g_metadata->HEIGHT, g_g_pCodecCtx->pix_fmt, \
>                                        g_metadata->WIDTH, g_metadata->HEIGHT, PIX_FMT_RGB24, SWS_BILINEAR, NULL, NULL, NULL );
> 
>        avpicture_fill((AVPicture *) g_pFrameRGB, pbuffer, PIX_FMT_RGB24, g_metadata->WIDTH, g_metadata->HEIGHT);
>        av_free(pbuffer);
> 
> 
> Navin

>> oops, you still expect g_pFrameRGB->data[0] to be a valid array. But
>> you have released this memory!
> 

Oh, adorable, the sort of mess-up that's so easy to make and hard to trace. I cannot help but remark that avpicture_fill receives all the information required to allocate the working memory itself, making it more 'logical' to deallocate said memory in a subsequent call to a matching deconstructor function (e.g. avcodec_free_frame). Is there a reason for not having implemented such a default case ... or is it indeed possible to pass NULL as the second argument to avpicture_fill to have it do the allocation?

R.
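An added example, not part of the original post and not FFmpeg code: a self-contained C model of the lifetime bug in the quoted snippet, next to a wrapper that ties the pixel buffer's lifetime to the frame. `Picture`, `picture_fill_rgb24` and the `RgbFrame` functions are hypothetical stand-ins; the model assumes, as the quoted reply implies, that the fill step only stores pointers into the caller's buffer.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for AVPicture/AVFrame: plane pointers plus strides. */
typedef struct { uint8_t *data[4]; int linesize[4]; } Picture;

/* Models the fill step for packed RGB24: it stores a pointer into the
 * caller's buffer and copies nothing, so buf must outlive pic. Freeing buf
 * right after this call (as in the quoted code) leaves data[0] dangling. */
static void picture_fill_rgb24(Picture *pic, uint8_t *buf, int w)
{
    *pic = (Picture){ .data = { buf }, .linesize = { 3 * w } };
}

/* Owning wrapper (hypothetical): buffer and picture share one lifetime. */
typedef struct { Picture pic; uint8_t *buf; size_t size; } RgbFrame;

static RgbFrame *rgb_frame_alloc(int w, int h)
{
    if (w <= 0 || h <= 0 || w > INT_MAX / 3 ||
        (size_t)h > SIZE_MAX / ((size_t)3 * (size_t)w))
        return NULL;                        /* reject overflowing sizes */
    RgbFrame *f = calloc(1, sizeof *f);
    if (!f) return NULL;
    f->size = (size_t)3 * (size_t)w * (size_t)h;
    f->buf = malloc(f->size);
    if (!f->buf) { free(f); return NULL; }
    picture_fill_rgb24(&f->pic, f->buf, w);
    return f;
}

/* The only place the pixel buffer is released; also clears the caller's
 * handle so a stale pointer cannot be reused or freed twice. */
static void rgb_frame_free(RgbFrame **pf)
{
    if (!pf || !*pf) return;
    free((*pf)->buf);
    free(*pf);
    *pf = NULL;
}

/* Bounds-checked pixel write; returns 0 on success, -1 if out of range. */
static int rgb_frame_put(RgbFrame *f, int x, int y, uint8_t r, uint8_t g, uint8_t b)
{
    if (!f || x < 0 || y < 0 || x >= f->pic.linesize[0] / 3) return -1;
    size_t off = (size_t)y * (size_t)f->pic.linesize[0] + (size_t)x * 3;
    if (off + 3 > f->size) return -1;
    uint8_t *p = f->pic.data[0] + off;
    p[0] = r; p[1] = g; p[2] = b;
    return 0;
}
```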

