[FFmpeg-devel] [PATCH] avutil/hwcontext_amf: fix crash on uninit after init failed
Kacper Michajłow
kasper93 at gmail.com
Thu Feb 6 06:38:32 EET 2025
amf_device_create() calls amf_device_uninit() on errors, but if things
were not initialized it will null deref amf_ctx->factory.
Fixes: https://github.com/mpv-player/mpv/issues/15814
Signed-off-by: Kacper Michajłow <kasper93 at gmail.com>
---
libavutil/hwcontext_amf.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavutil/hwcontext_amf.c b/libavutil/hwcontext_amf.c
index 8e0ce1927e..5ba2ec5b07 100644
--- a/libavutil/hwcontext_amf.c
+++ b/libavutil/hwcontext_amf.c
@@ -339,7 +339,7 @@ static int amf_transfer_data_from(AVHWFramesContext *ctx, AVFrame *dst,
static void amf_device_uninit(AVHWDeviceContext *device_ctx)
{
AVAMFDeviceContext *amf_ctx = device_ctx->hwctx;
- AMF_RESULT res;
+ AMF_RESULT res = AMF_NOT_INITIALIZED;
AMFTrace *trace;
if (amf_ctx->context) {
@@ -348,7 +348,9 @@ static void amf_device_uninit(AVHWDeviceContext *device_ctx)
amf_ctx->context = NULL;
}
- res = amf_ctx->factory->pVtbl->GetTrace(amf_ctx->factory, &trace);
+ if (amf_ctx->factory)
+ res = amf_ctx->factory->pVtbl->GetTrace(amf_ctx->factory, &trace);
+
if (res == AMF_OK) {
trace->pVtbl->UnregisterWriter(trace, FFMPEG_AMF_WRITER_ID);
}
--
2.45.1
More information about the ffmpeg-devel
mailing list