[FFmpeg-devel] [PATCH v2] avcodec/av1dec: Always set ret before goto end

Thu May 2 21:31:35 EEST 2024

On 5/2/2024 6:48 AM, Andreas Rheinhardt wrote:
> Before 0f8763fbea4e8816cd54c2a481d4c048fec58394, av1_frame_ref()
> and update_reference_list() could fail and therefore needed to
> be checked, which incidentally set ret. This is no longer happening,
> leading to a potential use of an uninitialized value which is
> also the subject of Coverity ticket #1596605.
> 
> Fix this by always setting ret before goto end; do not return
> some random ancient value.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
> ---
> Here is a different approach that uses the translation from 0 to EAGAIN.
> 
>   libavcodec/av1dec.c | 24 +++++++++++++++---------
>   1 file changed, 15 insertions(+), 9 deletions(-)
> 
> diff --git a/libavcodec/av1dec.c b/libavcodec/av1dec.c
> index 79a30a114d..75cc3fba48 100644
> --- a/libavcodec/av1dec.c
> +++ b/libavcodec/av1dec.c
> @@ -1333,12 +1333,15 @@ static int av1_receive_frame_internal(AVCodecContext *avctx, AVFrame *frame)
>   
>                   if (s->cur_frame.f) {
>                       ret = set_output_frame(avctx, frame);
> -                    if (ret < 0)
> +                    if (ret < 0) {
>                           av_log(avctx, AV_LOG_ERROR, "Set output frame error.\n");
> +                        goto end;
> +                    }
>                   }
>   
>                   s->raw_frame_header = NULL;
>                   i++;
> +                ret = 0;
>   
>                   goto end;
>               }
> @@ -1439,17 +1442,20 @@ static int av1_receive_frame_internal(AVCodecContext *avctx, AVFrame *frame)
>   
>               update_reference_list(avctx);
>   
> -            if (s->raw_frame_header->show_frame && s->cur_frame.f) {
> -                ret = set_output_frame(avctx, frame);
> -                if (ret < 0) {
> -                    av_log(avctx, AV_LOG_ERROR, "Set output frame error\n");
> -                    goto end;
> -                }
> -            }
> -            raw_tile_group = NULL;
> +            raw_tile_group      = NULL;
>               s->raw_frame_header = NULL;
> +
>               if (show_frame) {
> +                // cur_frame.f needn't exist due to skip_frame.
> +                if (s->cur_frame.f) {
> +                    ret = set_output_frame(avctx, frame);
> +                    if (ret < 0) {
> +                        av_log(avctx, AV_LOG_ERROR, "Set output frame error\n");
> +                        goto end;
> +                    }
> +                }
>                   i++;
> +                ret = 0;
>                   goto end;
>               }
>           }

Should be ok.