PR #20807 opened by James Almer (jamrial) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20807 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20807.patch
>From fc67642ae6ad13b9bebff3f354cc249be70c917a Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Fri, 31 Oct 2025 15:54:27 -0300 Subject: [PATCH 1/4] fftools/ffmpeg: make fg_create{_simple,} clear the input string pointer The graph string is either freed or attached to the filtergraph, so it's best to not leave a dangling pointer with the caller. Signed-off-by: James Almer <[email protected]> --- fftools/ffmpeg.h | 6 +++--- fftools/ffmpeg_demux.c | 2 +- fftools/ffmpeg_filter.c | 14 ++++++++------ fftools/ffmpeg_mux_init.c | 2 +- fftools/ffmpeg_opt.c | 2 +- 5 files changed, 14 insertions(+), 12 deletions(-) diff --git a/fftools/ffmpeg.h b/fftools/ffmpeg.h index c866980251..cc2ea1a56e 100644 --- a/fftools/ffmpeg.h +++ b/fftools/ffmpeg.h @@ -811,7 +811,7 @@ int parse_and_set_vsync(const char *arg, enum VideoSyncMethod *vsync_var, int fi int filtergraph_is_simple(const FilterGraph *fg); int fg_create_simple(FilterGraph **pfg, InputStream *ist, - char *graph_desc, + char **graph_desc, Scheduler *sch, unsigned sched_idx_enc, const OutputFilterOptions *opts); int fg_finalise_bindings(void); @@ -834,10 +834,10 @@ int ofilter_bind_enc(OutputFilter *ofilter, /** * Create a new filtergraph in the global filtergraph list. * - * @param graph_desc Graph description; an av_malloc()ed string, filtergraph + * @param graph_desc Pointer to graph description; an av_malloc()ed string, filtergraph * takes ownership of it. */ -int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch, +int fg_create(FilterGraph **pfg, char **graph_desc, Scheduler *sch, const OutputFilterOptions *opts); void fg_free(FilterGraph **pfg); diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c index 6901f59dd0..29ef86b7c9 100644 --- a/fftools/ffmpeg_demux.c +++ b/fftools/ffmpeg_demux.c 
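Review bot: The updated `@param graph_desc` text in fftools/ffmpeg.h says the filtergraph takes ownership of the string but not that `*graph_desc` is reset to NULL before fg_create() returns. The fftools/ffmpeg_filter.c hunks show that reset on the success path and on both early error returns. I would add a sentence to the comment such as `*graph_desc is set to NULL on return, on success and on failure; the caller must not free it.` so callers know the pointer is consumed either way. fg_create_simple() takes the same `char **` in the first hunk of this header and has no doc comment at all; it should carry the same contract.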
@@ -1705,7 +1705,7 @@ static int istg_parse_tile_grid(const OptionsContext *o, Demuxer *d, InputStream return ret; } - ret = fg_create(NULL, graph_str, d->sch, &opts); + ret = fg_create(NULL, &graph_str, d->sch, &opts); if (ret < 0) return ret; diff --git a/fftools/ffmpeg_filter.c b/fftools/ffmpeg_filter.c index b0244fa774..9f962e6b8c 100644 --- a/fftools/ffmpeg_filter.c +++ b/fftools/ffmpeg_filter.c @@ -1085,7 +1085,7 @@ static const AVClass fg_class = { .category = AV_CLASS_CATEGORY_FILTER, }; -int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch, +int fg_create(FilterGraph **pfg, char **graph_desc, Scheduler *sch, const OutputFilterOptions *opts) { FilterGraphPriv *fgp; @@ -1097,7 +1097,7 @@ int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch, fgp = av_mallocz(sizeof(*fgp)); if (!fgp) { - av_freep(&graph_desc); + av_freep(graph_desc); return AVERROR(ENOMEM); } fg = &fgp->fg; @@ -1108,7 +1108,7 @@ int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch, } else { ret = av_dynarray_add_nofree(&filtergraphs, &nb_filtergraphs, fgp); if (ret < 0) { - av_freep(&graph_desc); + av_freep(graph_desc); av_freep(&fgp); return ret; } @@ -1117,11 +1117,13 @@ int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch, } fg->class = &fg_class; - fg->graph_desc = graph_desc; + fg->graph_desc = *graph_desc; fgp->disable_conversions = !auto_conversion_filters; fgp->nb_threads = -1; fgp->sch = sch; + *graph_desc = NULL; + snprintf(fgp->log_name, sizeof(fgp->log_name), "fc#%d", fg->index); fgp->frame = av_frame_alloc(); @@ -1245,7 +1247,7 @@ fail: int fg_create_simple(FilterGraph **pfg, InputStream *ist, - char *graph_desc, + char **graph_desc, Scheduler *sch, unsigned sched_idx_enc, const OutputFilterOptions *opts) { 
@@ -1270,7 +1272,7 @@ int fg_create_simple(FilterGraph **pfg, "to have exactly 1 input and 1 output. " "However, it had %d input(s) and %d output(s). Please adjust, " "or use a complex filtergraph (-filter_complex) instead.\n", - graph_desc, fg->nb_inputs, fg->nb_outputs); + *graph_desc, fg->nb_inputs, fg->nb_outputs); return AVERROR(EINVAL); } if (fg->outputs[0]->type != type) { diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c index be1dbad479..bcbbee9126 100644 --- a/fftools/ffmpeg_mux_init.c +++ b/fftools/ffmpeg_mux_init.c @@ -1003,7 +1003,7 @@ ost_bind_filter(const Muxer *mux, MuxStream *ms, OutputFilter *ofilter, ost->filter = ofilter; ret = ofilter_bind_enc(ofilter, ms->sch_idx_enc, &opts); } else { - ret = fg_create_simple(&ost->fg_simple, ost->ist, filters, + ret = fg_create_simple(&ost->fg_simple, ost->ist, &filters, mux->sch, ms->sch_idx_enc, &opts); if (ret >= 0) ost->filter = ost->fg_simple->outputs[0]; diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c index f51523d2e0..80bb9236af 100644 --- a/fftools/ffmpeg_opt.c +++ b/fftools/ffmpeg_opt.c @@ -1496,7 +1496,7 @@ int ffmpeg_parse_options(int argc, char **argv, Scheduler *sch) /* create complex filtergraphs */ for (int i = 0; i < go.nb_filtergraphs; i++) { - ret = fg_create(NULL, go.filtergraphs[i], sch, NULL); + ret = fg_create(NULL, &go.filtergraphs[i], sch, NULL); go.filtergraphs[i] = NULL; if (ret < 0) goto fail; -- 2.49.1 >From 2037e2b15b84fc2b31c841f115eacaa0d0f09d6b Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Fri, 31 Oct 2025 15:56:40 -0300 Subject: [PATCH 2/4] fftools/ffmpeg_demux: fix potential memory leak when creating tile grid filtergraphs Fixes CID 1668266. Signed-off-by: James Almer <[email protected]> --- fftools/ffmpeg_demux.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c index 29ef86b7c9..cb79dd7611 100644 --- a/fftools/ffmpeg_demux.c 
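Review bot: The `%s` argument `*graph_desc` in the "Simple filtergraph '%s' was expected" error of fg_create_simple() is NULL by the time this av_log() runs, if the function has already handed `graph_desc` to fg_create(). fg_create() now finishes its ownership transfer with `*graph_desc = NULL;`. The fg_create() call sits between the two fg_create_simple hunks and is not visible, so this is inferred from `fg` already being populated here. Passing NULL for `%s` is undefined for the printf family and at best logs `(null)` instead of the user's graph. Reading the string from the filtergraph avoids it: `fg->graph_desc, fg->nb_inputs, fg->nb_outputs);`.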
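Review bot: `&filters` in ost_bind_filter() clears only the variable named `filters` inside this function. If that is a by-value `char *` parameter (its declaration is outside the hunk), the caller's copy still points at a string the filtergraph now owns or has already freed. The dangling pointer the commit message sets out to remove would then survive one frame up, where a later free or reuse becomes a double free or use-after-free. Please confirm what the caller does with its pointer after this call, or pass the `char **` through ost_bind_filter() as well.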
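Review bot: The context line `go.filtergraphs[i] = NULL;` directly after the updated call in ffmpeg_parse_options() is now redundant. fg_create() receives `&go.filtergraphs[i]` and clears it itself on every path shown in the ffmpeg_filter.c hunks. Dropping the assignment leaves a single place responsible for resetting the pointer and makes the new contract easier to see at the call site.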
+++ b/fftools/ffmpeg_demux.c @@ -1702,17 +1702,22 @@ static int istg_parse_tile_grid(const OptionsContext *o, Demuxer *d, InputStream ret = av_packet_side_data_to_frame(&opts.side_data, &opts.nb_side_data, sd, 0); if (ret < 0 && ret != AVERROR(EINVAL)) - return ret; + goto fail; } ret = fg_create(NULL, &graph_str, d->sch, &opts); if (ret < 0) - return ret; + goto fail; istg->fg = filtergraphs[nb_filtergraphs-1]; istg->fg->is_internal = 1; - return 0; + ret = 0; +fail: + if (ret < 0) + av_freep(&graph_str); + + return ret; } static int istg_add(const OptionsContext *o, Demuxer *d, AVStreamGroup *stg) -- 2.49.1 >From 402599354e29b17b7d6e49666180bbe603a9d871 Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Fri, 31 Oct 2025 15:59:18 -0300 Subject: [PATCH 3/4] fftools/ffmpeg_filter: check the side data descriptor pointer is not NULL Fixes CID 1668264. Signed-off-by: James Almer <[email protected]> --- fftools/ffmpeg_filter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fftools/ffmpeg_filter.c b/fftools/ffmpeg_filter.c index 9f962e6b8c..a770804862 100644 --- a/fftools/ffmpeg_filter.c +++ b/fftools/ffmpeg_filter.c @@ -2266,7 +2266,7 @@ static int ifilter_parameters_from_frame(InputFilter *ifilter, const AVFrame *fr for (int i = 0; i < frame->nb_side_data; i++) { const AVSideDataDescriptor *desc = av_frame_side_data_desc(frame->side_data[i]->type); - if (!(desc->props & AV_SIDE_DATA_PROP_GLOBAL) || + if (!desc || !(desc->props & AV_SIDE_DATA_PROP_GLOBAL) || frame->side_data[i]->type == AV_FRAME_DATA_DISPLAYMATRIX) continue; -- 2.49.1 >From 858b53bb82afe70863ed33d7cfbc73822b49ff69 Mon Sep 17 00:00:00 2001 From: James Almer <[email protected]> Date: Fri, 31 Oct 2025 16:05:02 -0300 Subject: [PATCH 4/4] avutil/csp: check the for NULL pointer in av_csp_primaries_desc_from_id Fixes CID 1668265. Signed-off-by: James Almer <[email protected]> --- libavutil/csp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
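Review bot: The new `fail:` path in istg_parse_tile_grid() releases `graph_str` but not `opts.side_data`, which av_packet_side_data_to_frame() fills a few lines earlier. Nothing in this hunk shows fg_create() taking ownership of that array, so it looks as if it can still leak when fg_create() fails; please check this against how fg_create() treats `opts`. If the array is not consumed, `av_frame_side_data_free(&opts.side_data, &opts.nb_side_data);` at the label would cover both exits. The function starts above the hunk, so any earlier returns were not reviewed.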
diff --git a/libavutil/csp.c b/libavutil/csp.c index c8ecddc110..2ab4fee9dd 100644 --- a/libavutil/csp.c +++ b/libavutil/csp.c @@ -100,7 +100,7 @@ const AVColorPrimariesDesc *av_csp_primaries_desc_from_id(enum AVColorPrimaries else if (((unsigned)prm >= AVCOL_PRI_EXT_BASE) && ((unsigned)prm < AVCOL_PRI_EXT_NB)) p = &color_primaries_ext[prm - AVCOL_PRI_EXT_BASE]; - if (!p->prim.r.x.num) + if (p && !p->prim.r.x.num) return NULL; return p; } -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
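Review bot: `if (p && !p->prim.r.x.num) return NULL;` in av_csp_primaries_desc_from_id() handles an out-of-range `prm` only by falling through to `return p;`. That is correct only when `p` starts out as NULL, and the initialiser is above the hunk, so it should be checked. Writing the guard as `if (!p || !p->prim.r.x.num) return NULL;` rejects both cases explicitly in one place and no longer depends on reading the final return to see what an unknown id yields.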
