[FFmpeg-devel] [PATCH v2] avcodec/mpegvideo_enc: Add check for av_packet_new_side_data()

2024-06-10 Thread Jiasheng Jiang
Add check for av_packet_new_side_data() to avoid null pointer
dereference if allocation fails.

Fixes: bdc1220eeb ("h263enc: Add an option for outputting info about MBs as 
side data")
Signed-off-by: Jiasheng Jiang 
---
Changelog:

v1 -> v2: Wrap lines in the body of the commit message.
---
 libavcodec/mpegvideo_enc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
index 82bab43e14..9b4a516bc0 100644
--- a/libavcodec/mpegvideo_enc.c
+++ b/libavcodec/mpegvideo_enc.c
@@ -1786,6 +1786,8 @@ int ff_mpv_encode_picture(AVCodecContext *avctx, AVPacket 
*pkt,
 s->mb_info_ptr = av_packet_new_side_data(pkt,
  AV_PKT_DATA_H263_MB_INFO,
  s->mb_width*s->mb_height*12);
+if (!s->mb_info_ptr)
+return AVERROR(ENOMEM);
 s->prev_mb_info = s->last_mb_info = s->mb_info_size = 0;
 }
 
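Review bot: the added `return AVERROR(ENOMEM);` right after the av_packet_new_side_data() call leaves ff_mpv_encode_picture() directly, and the hunk does not show whether pkt or the encoder state already holds anything an error path would normally release at this point. Please say in the commit message why a plain return is safe here, or route the failure through the function's existing error handling if it has one.
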
-- 
2.25.1

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".


[FFmpeg-devel] [PATCH] avcodec/mpegvideo_enc: Add check for av_packet_new_side_data()

2024-06-09 Thread Jiasheng Jiang
Add check for av_packet_new_side_data() to avoid null pointer dereference if 
allocation fails.

Fixes: bdc1220eeb ("h263enc: Add an option for outputting info about MBs as 
side data")
Signed-off-by: Jiasheng Jiang 
---
 libavcodec/mpegvideo_enc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c
index 82bab43e14..9b4a516bc0 100644
--- a/libavcodec/mpegvideo_enc.c
+++ b/libavcodec/mpegvideo_enc.c
@@ -1786,6 +1786,8 @@ int ff_mpv_encode_picture(AVCodecContext *avctx, AVPacket 
*pkt,
 s->mb_info_ptr = av_packet_new_side_data(pkt,
  AV_PKT_DATA_H263_MB_INFO,
  s->mb_width*s->mb_height*12);
+if (!s->mb_info_ptr)
+return AVERROR(ENOMEM);
 s->prev_mb_info = s->last_mb_info = s->mb_info_size = 0;
 }
 
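Review bot: when the new check after av_packet_new_side_data() fails, the following `s->prev_mb_info = s->last_mb_info = s->mb_info_size = 0;` is skipped and s->mb_info_ptr stays NULL in a context that outlives this call. Worth confirming that no later use of s->mb_info_ptr or of these counters is reached after the error return, or resetting them before returning.
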
-- 
2.25.1



[FFmpeg-devel] [PATCH] bsf: Fix memory leak by adding vp9_raw_reorder_frame_free()

2024-06-04 Thread Jiasheng Jiang
Add vp9_raw_reorder_frame_free() before "ctx->next_frame = NULL;" to avoid 
memory leak.

Fixes: 887a7817b6 ("lavc: move bitstream filters into bsf/ subdir")
Signed-off-by: Jiasheng Jiang 
---
 libavcodec/bsf/vp9_raw_reorder.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavcodec/bsf/vp9_raw_reorder.c b/libavcodec/bsf/vp9_raw_reorder.c
index d36093316c..88cf68fb50 100644
--- a/libavcodec/bsf/vp9_raw_reorder.c
+++ b/libavcodec/bsf/vp9_raw_reorder.c
@@ -372,6 +372,7 @@ static int vp9_raw_reorder_filter(AVBSFContext *bsf, 
AVPacket *out)
 if (err < 0) {
 av_log(bsf, AV_LOG_ERROR, "Failed to create output "
"for transient frame.\n");
+vp9_raw_reorder_frame_free();
 ctx->next_frame = NULL;
 return AVERROR_INVALIDDATA;
 }
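
Review bot: the added call `vp9_raw_reorder_frame_free();` is shown with an empty argument list, so it does not say which frame is released; the next line clears ctx->next_frame, so that is presumably the frame meant and it has to be passed explicitly. The commit message should also state that ctx->next_frame is not referenced from anywhere else at this point, since freeing a frame that is still referenced elsewhere would turn the leak into a use-after-free.
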
-- 
2.25.1



[FFmpeg-devel] [PATCH v4] avformat/nutdec: Add check for avformat_new_stream

2022-02-22 Thread Jiasheng Jiang
Because memory allocation can fail,
avformat_new_stream() could return a NULL pointer.
Therefore, it would be better to check it and return
an error if it fails.
Also, the caller, nut_read_header(), needs to deal with
the return value of decode_main_header() and return
an error if memory allocation fails.
And 'time_base_count' has already been checked, and it
will return AVERROR_INVALIDDATA if that fails, which is different
from ENOMEM.

Fixes: 619d8e2e58 ("updating nut demuxer to latest spec no muxing yet no index 
yet no seeking yet libnuts crcs dont match mine (didnt investigate yet) 
samplerate is stored wrong by libnut (demuxer has a workaround) code is not 
clean or beautifull yet, but i thought its better to commit early before 
someone unneccesarily wastes his time duplicating the work demuxer split from 
muxer")
Signed-off-by: Jiasheng Jiang 
---
Changelog:

v1 -> v2

* Change 1. Add the error handling for ENOMEM from decode_main_header()
in nut_read_header().
* Change 2. Check for the 'time_base_count'.

v2 -> v3

* Change 1. Remove the check for 'time_base_count'.
* Change 2. Change the av_free to av_freep.

v3 -> v4

* Change 1. Remove the av_freep.
---
 libavformat/nutdec.c | 16 
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 0a8a700acf..f9ad2c0af1 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -351,8 +351,12 @@ static int decode_main_header(NUTContext *nut)
 ret = AVERROR(ENOMEM);
 goto fail;
 }
-for (i = 0; i < stream_count; i++)
-avformat_new_stream(s, NULL);
+for (i = 0; i < stream_count; i++) {
+if (!avformat_new_stream(s, NULL)) {
+ret = AVERROR(ENOMEM);
+goto fail;
+}
+}
 
 return 0;
 fail:
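
Review bot: with the av_freep() from v3 removed, the new `goto fail` in the stream loop relies entirely on the `fail:` label to release nut->stream, and the label's body is outside this hunk. A sentence in the commit message saying what `fail:` frees would make that checkable; note also that streams created by earlier iterations of the loop stay attached to s when a later avformat_new_stream() call fails.
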
@@ -800,19 +804,23 @@ static int nut_read_header(AVFormatContext *s)
 NUTContext *nut = s->priv_data;
 AVIOContext *bc = s->pb;
 int64_t pos;
-int initialized_stream_count;
+int initialized_stream_count, ret;
 
 nut->avf = s;
 
 /* main header */
 pos = 0;
+ret = 0;
 do {
+if (ret == AVERROR(ENOMEM))
+return ret;
+
 pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
 if (pos < 0 + 1) {
 av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
 return AVERROR_INVALIDDATA;
 }
-} while (decode_main_header(nut) < 0);
+} while ((ret = decode_main_header(nut)) < 0);
 
 /* stream headers */
 pos = 0;
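
Review bot: the `if (ret == AVERROR(ENOMEM)) return ret;` test sits at the top of the do-loop and so inspects the result of the previous iteration, which is why the extra `ret = 0;` initialisation is needed. Testing ret immediately after the decode_main_header() call, inside the loop body, would keep the call and its error handling together and make the initialisation unnecessary.
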
-- 
2.25.1



Re: [FFmpeg-devel] [PATCH v3] avformat/nutdec: Add check for avformat_new_stream

2022-02-22 Thread Jiasheng Jiang
Michael Niedermayer:
>> diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
>> index 0a8a700acf..32a4f6bbcb 100644
>> --- a/libavformat/nutdec.c
>> +++ b/libavformat/nutdec.c
>> @@ -351,8 +351,13 @@ static int decode_main_header(NUTContext *nut)
>>  ret = AVERROR(ENOMEM);
>>  goto fail;
>>  }
>> -for (i = 0; i < stream_count; i++)
>> -avformat_new_stream(s, NULL);
>> +for (i = 0; i < stream_count; i++) {
>> +if (!avformat_new_stream(s, NULL)) {
>> +av_freep(nut->stream);
> 
> is this actually needed or isnt this freed anyway ?
> also if needed thats the wrong pointer 
> av_freep(&nut->stream)

OK, I will remove it and submit v4.

Jiang



Re: [FFmpeg-devel] [PATCH] avformat: Add check for ff_get_extradata

2022-02-22 Thread Jiasheng Jiang
On Tue, Feb 22, 2022 at 04:10:51PM +0800, Paul B Mahol wrote:

>> Because memory allocation can fail, ff_get_extradata()
>> could return an error.
>> Therefore, it would be better to deal with the return value of
>> ff_get_extradata() and return an error if it fails.
>>
> 
> 
> Not really necessary. Does not fix anything.

It is true that the 'extradata' could be NULL and has not been used.
But I have checked many other callers of ff_get_extradata(),
such as avi_read_header() in `libavformat/avidec.c`.
They all check the return value to guarantee that the 'extradata'
is non-NULL.
That means in the future, if 'aix->extradata' is used, the programmer
may not notice that 'aix->extradata' is especial and needs to be checked
before use.
Therefore, I think it is necessary to add the check to guarantee the
consistency of the code.

Thanks,
Jiang



[FFmpeg-devel] [PATCH] avformat: Add check for ff_get_extradata

2022-02-21 Thread Jiasheng Jiang
Because memory allocation can fail, ff_get_extradata()
could return an error.
Therefore, it would be better to deal with the return value of
ff_get_extradata() and return an error if it fails.

Fixes: 2d720069a9 ("avformat: add aix demuxer")
Signed-off-by: Jiasheng Jiang 
---
 libavformat/aixdec.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/aixdec.c b/libavformat/aixdec.c
index 59c3d60da3..89f73b6913 100644
--- a/libavformat/aixdec.c
+++ b/libavformat/aixdec.c
@@ -40,7 +40,7 @@ static int aix_read_header(AVFormatContext *s)
 unsigned segment_list_offset = 0x20;
 unsigned segment_list_entry_size = 0x10;
 unsigned size;
-int i;
+int i, ret;
 
 avio_skip(s->pb, 4);
 first_offset = avio_rb32(s->pb) + 8;
@@ -77,7 +77,9 @@ static int aix_read_header(AVFormatContext *s)
 if (size <= 8)
 return AVERROR_INVALIDDATA;
 avio_skip(s->pb, 8);
-ff_get_extradata(s, s->streams[i]->codecpar, s->pb, size - 8);
+ret = ff_get_extradata(s, s->streams[i]->codecpar, s->pb, size - 8);
+if (ret < 0)
+return ret;
 }
 
 return 0;
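
Review bot: ff_get_extradata() is handed s->pb and `size - 8`, so besides allocating it reads from the input, and the new `if (ret < 0) return ret;` will therefore also reject files whose extradata read fails, not only out-of-memory cases. The commit message only mentions memory allocation; please describe the behaviour change for input that cannot be read in full as well.
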
-- 
2.25.1



[FFmpeg-devel] [PATCH] avcodec/magicyuvenc: Add check for av_frame_clone

2022-02-21 Thread Jiasheng Jiang
Because memory allocation can fail,
'p' could be a NULL pointer.
Therefore, it would be better to check it in order
to avoid dereferencing the NULL pointer.

Fixes: 3729ae659f ("avcodec: add MagicYUV encoder")
Signed-off-by: Jiasheng Jiang 
---
 libavcodec/magicyuvenc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/magicyuvenc.c b/libavcodec/magicyuvenc.c
index ab32d4cee3..b763916b87 100644
--- a/libavcodec/magicyuvenc.c
+++ b/libavcodec/magicyuvenc.c
@@ -454,6 +454,8 @@ static int magy_encode_frame(AVCodecContext *avctx, 
AVPacket *pkt,
 if (s->correlate) {
 uint8_t *r, *g, *b;
 AVFrame *p = av_frame_clone(frame);
+if (!p)
+return AVERROR(ENOMEM);
 
 g = p->data[0];
 b = p->data[1];
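
Review bot: the new `return AVERROR(ENOMEM);` directly after `AVFrame *p = av_frame_clone(frame);` returns from inside the `if (s->correlate)` block without any cleanup. The hunk does not show whether magy_encode_frame() has already allocated the output packet or other buffers before this point; if it has, they need to be released on this path too.
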
-- 
2.25.1



[FFmpeg-devel] [PATCH] fftools/ffmpeg_filter: Add check for av_memdup

2022-02-21 Thread Jiasheng Jiang
Because av_malloc() can fail, av_memdup()
could return NULL.
Therefore, it would be better to check it and return an error
if it fails, like av_buffer_ref().

Fixes: 535a835e51 ("ffmpeg: use display matrix frame side data for 
autorotation")
Signed-off-by: Jiasheng Jiang 
---
 fftools/ffmpeg_filter.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/fftools/ffmpeg_filter.c b/fftools/ffmpeg_filter.c
index 2c3f21985f..cdaa0d8165 100644
--- a/fftools/ffmpeg_filter.c
+++ b/fftools/ffmpeg_filter.c
@@ -1161,8 +1161,11 @@ int ifilter_parameters_from_frame(InputFilter *ifilter, 
const AVFrame *frame)
 
 av_freep(>displaymatrix);
 sd = av_frame_get_side_data(frame, AV_FRAME_DATA_DISPLAYMATRIX);
-if (sd)
+if (sd) {
 ifilter->displaymatrix = av_memdup(sd->data, sizeof(int32_t) * 9);
+if (!ifilter->displaymatrix)
+return AVERROR(ENOMEM);
+}
 
 if (frame->hw_frames_ctx) {
 ifilter->hw_frames_ctx = av_buffer_ref(frame->hw_frames_ctx);
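
Review bot: the new error return inside `if (sd) { ... }` comes after the av_freep() call on the display matrix at the top of the hunk and before the hw_frames_ctx handling below it, so on failure ifilter is left half updated, with the old display matrix gone and the later fields not yet refreshed. Callers of ifilter_parameters_from_frame() need to treat the filter as unconfigured after this error; worth checking that they do.
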
-- 
2.25.1



[FFmpeg-devel] [PATCH v3] avformat/nutdec: Add check for avformat_new_stream

2022-02-21 Thread Jiasheng Jiang
Because memory allocation can fail,
avformat_new_stream() could return a NULL pointer.
Therefore, it would be better to check it and return
an error if it fails.
Also, the caller, nut_read_header(), needs to deal with
the return value of decode_main_header() and return
an error if memory allocation fails.
And 'time_base_count' has already been checked, and it
will return AVERROR_INVALIDDATA if that fails, which is different
from ENOMEM.

Fixes: 619d8e2e58 ("updating nut demuxer to latest spec no muxing yet no index 
yet no seeking yet libnuts crcs dont match mine (didnt investigate yet) 
samplerate is stored wrong by libnut (demuxer has a workaround) code is not 
clean or beautifull yet, but i thought its better to commit early before 
someone unneccesarily wastes his time duplicating the work demuxer split from 
muxer")

Signed-off-by: Jiasheng Jiang 
---
Changelog:

v1 -> v2

* Change 1. Add the error handling for ENOMEM from decode_main_header()
in nut_read_header().
* Change 2. Check for the 'time_base_count'.

v2 -> v3

* Change 1. Remove the check for 'time_base_count'.
* Change 2. Change the av_free to av_freep.
---
 libavformat/nutdec.c | 17 +
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 0a8a700acf..32a4f6bbcb 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -351,8 +351,13 @@ static int decode_main_header(NUTContext *nut)
 ret = AVERROR(ENOMEM);
 goto fail;
 }
-for (i = 0; i < stream_count; i++)
-avformat_new_stream(s, NULL);
+for (i = 0; i < stream_count; i++) {
+if (!avformat_new_stream(s, NULL)) {
+av_freep(nut->stream);
+ret = AVERROR(ENOMEM);
+goto fail;
+}
+}
 
 return 0;
 fail:
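
Review bot: `av_freep(nut->stream);` in the new loop body passes the array pointer itself, but av_freep() expects the address of the pointer it should free and clear, so this would read the start of the stream array as if it were a pointer. It should be `av_freep(&nut->stream)`, or be dropped altogether if the `fail:` path already frees nut->stream.
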
@@ -800,19 +805,23 @@ static int nut_read_header(AVFormatContext *s)
 NUTContext *nut = s->priv_data;
 AVIOContext *bc = s->pb;
 int64_t pos;
-int initialized_stream_count;
+int initialized_stream_count, ret;
 
 nut->avf = s;
 
 /* main header */
 pos = 0;
+ret = 0;
 do {
+if (ret == AVERROR(ENOMEM))
+return ret;
+
 pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
 if (pos < 0 + 1) {
 av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
 return AVERROR_INVALIDDATA;
 }
-} while (decode_main_header(nut) < 0);
+} while ((ret = decode_main_header(nut)) < 0);
 
 /* stream headers */
 pos = 0;
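
Review bot: the new early `return ret;` in nut_read_header() exits while streams added by the failed decode_main_header() call may still be attached to s. Please confirm that the caller tears down the format context when the header read returns an error, and mention it in the commit message.
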
-- 
2.25.1



Re: [FFmpeg-devel] [PATCH v2] avformat/nutdec: Add check for avformat_new_stream

2022-02-21 Thread Jiasheng Jiang
Michael Niedermayer:
>> diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
>> index 0a8a700acf..4cbccb20d9 100644
>> --- a/libavformat/nutdec.c
>> +++ b/libavformat/nutdec.c
>> @@ -220,6 +220,10 @@ static int decode_main_header(NUTContext *nut)
>>  }
>>  
>>  GET_V(nut->time_base_count, tmp > 0 && tmp < INT_MAX / 
>> sizeof(AVRational) && tmp < length/2);
>> +
>> +if (nut->time_base_count > NUT_MAX_STREAMS)
>> +return AVERROR_INVALIDDATA;
>
> the code already checks against length/2. If you want to add to that
> that should be done at the same level and
> such a change should explain why the existing check is insufficient as
> well as why the new is correct
> and it should be in a patch separate from other changes
> also a file with NUT_MAX_STREAMS streams could use more timebases in principle
> timebases need a lot less space than streams so they could have a slightly
> higher limit

Thanks, I will remove the check in v3.

>> +
>>  nut->time_base = av_malloc_array(nut->time_base_count, 
>> sizeof(AVRational));
>>  if (!nut->time_base)
>>  return AVERROR(ENOMEM);
>> @@ -351,8 +355,13 @@ static int decode_main_header(NUTContext *nut)
>>  ret = AVERROR(ENOMEM);
>>  goto fail;
>>  }
>> -for (i = 0; i < stream_count; i++)
>> -avformat_new_stream(s, NULL);
>> +for (i = 0; i < stream_count; i++) {
>> +if (!avformat_new_stream(s, NULL)) {
>> +av_free(nut->stream);
> 
> freeing something and not clearing the pointer is a bad idea in general

You are right.
I will change av_free to av_freep.

Jiang



[FFmpeg-devel] [PATCH] tests/checkasm/nlmeans: Add check for av_calloc

2022-02-16 Thread Jiasheng Jiang
Because av_calloc() can fail, it would be better
to check it and fail() if it fails, in order to avoid dereferencing
the NULL pointer.

Fixes: f679711c1b ("checkasm: add vf_nlmeans test for ssd_integral_image")
Signed-off-by: Jiasheng Jiang 
---
 tests/checkasm/vf_nlmeans.c | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/tests/checkasm/vf_nlmeans.c b/tests/checkasm/vf_nlmeans.c
index 87474d6803..82370bbeec 100644
--- a/tests/checkasm/vf_nlmeans.c
+++ b/tests/checkasm/vf_nlmeans.c
@@ -47,9 +47,9 @@ void checkasm_check_nlmeans(void)
 const int ii_h = h + e*2;
 const int ii_lz_32 = FFALIGN(ii_w + 1, 4);
 uint32_t *ii_orig_ref = av_calloc(ii_h + 1, ii_lz_32 * 
sizeof(*ii_orig_ref));
-uint32_t *ii_ref = ii_orig_ref + ii_lz_32 + 1;
+uint32_t *ii_ref;
 uint32_t *ii_orig_new = av_calloc(ii_h + 1, ii_lz_32 * 
sizeof(*ii_orig_new));
-uint32_t *ii_new = ii_orig_new + ii_lz_32 + 1;
+uint32_t *ii_new;
 const int src_lz = FFALIGN(w, 16);
 uint8_t *src = av_calloc(h, src_lz);
 
@@ -58,6 +58,16 @@ void checkasm_check_nlmeans(void)
  const uint8_t *s2, ptrdiff_t linesize2,
  int w, int h);
 
+if (!ii_orig_ref || !ii_orig_new || !src) {
+av_free(ii_orig_ref);
+av_free(ii_orig_new);
+av_free(src);
+fail();
+}
+
+ii_ref = ii_orig_ref + ii_lz_32 + 1;
+ii_new = ii_orig_new + ii_lz_32 + 1;
+
 randomize_buffer(src, h * src_lz);
 
 for (offy = -r; offy <= r; offy++) {
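
Review bot: in the new `if (!ii_orig_ref || !ii_orig_new || !src)` block the three buffers are freed and fail() is called, but there is no return after it. Unless fail() never returns, execution continues into `ii_ref = ii_orig_ref + ii_lz_32 + 1;` and `randomize_buffer(src, h * src_lz);` with pointers that are NULL or already freed, so add `return;` after `fail();`.
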
-- 
2.25.1



Re: [FFmpeg-devel] [PATCH] avformat/nutdec: Add check for avformat_new_stream

2022-02-16 Thread Jiasheng Jiang
Andreas Rheinhardt:
>> Because memory allocation can fail,
>> avformat_new_stream() could return a NULL pointer.
>> Therefore, it would be better to check it and return
>> an error if it fails.
>> 
>> Fixes: 84ad31ff18 ("lavf: replace av_new_stream->avformat_new_stream part 
>> II.")
>
> This commit did not introduce this bug; it merely replaced the unchecked
> function.
>
> If you look at nut_read_header() you will see that it just retries even
> on allocation failure. So this is not a complete fix. And if it retries
> and finds a different packet header, it adds ever more streams, because
> the already created streams have not been deleted. A proper fix would
> need to check the return value of decode_main_header for ENOMEM, but if
> time_base_count were invalid and huge, one could get an allocation error
> even though there might be a valid header somewhere else. So one would
> need an equivalent of NUT_MAX_STREAMS for timebases or some other
> criterion to rule this out.

Fine, I have submitted a v2 to fix the problems above.

Jiang



Re: [FFmpeg-devel] [PATCH v2] avformat/nutdec: Add check for avformat_new_stream

2022-02-16 Thread Jiasheng Jiang
Andreas Rheinhardt:
>> Because memory allocation can fail,
>> avformat_new_stream() could return a NULL pointer.
>> Therefore, it would be better to check it and return
>> an error if it fails.
>> 
>> Fixes: 84ad31ff18 ("lavf: replace av_new_stream->avformat_new_stream part 
>> II.")
>
> This commit did not introduce this bug; it merely replaced the unchecked
> function.
>
> If you look at nut_read_header() you will see that it just retries even
> on allocation failure. So this is not a complete fix. And if it retries
> and finds a different packet header, it adds ever more streams, because
> the already created streams have not been deleted. A proper fix would
> need to check the return value of decode_main_header for ENOMEM, but if
> time_base_count were invalid and huge, one could get an allocation error
> even though there might be a valid header somewhere else. So one would
> need an equivalent of NUT_MAX_STREAMS for timebases or some other
> criterion to rule this out.

Fine, I have submitted a v2 to fix the problems above.

Jiang



[FFmpeg-devel] [PATCH v2] avformat/nutdec: Add check for avformat_new_stream

2022-02-16 Thread Jiasheng Jiang
Because memory allocation can fail,
avformat_new_stream() could return a NULL pointer.
Therefore, it would be better to check it and return
an error if it fails.
Also, the caller, nut_read_header(), needs to deal with
the return value of decode_main_header() and return
an error if memory allocation fails.
To avoid mishandling an invalid 'time_base_count', another
check for 'time_base_count' is needed, returning a different
error if it fails.

Fixes: 619d8e2e58 ("updating nut demuxer to latest spec no muxing yet no index 
yet no seeking yet libnuts crcs dont match mine (didnt investigate yet) 
samplerate is stored wrong by libnut (demuxer has a workaround) code is not 
clean or beautifull yet, but i thought its better to commit early before 
someone unneccesarily wastes his time duplicating the work demuxer split from 
muxer")
Signed-off-by: Jiasheng Jiang 
---
Changelog:

v1 -> v2

* Change 1. Add the error handling for ENOMEM from decode_main_header()
in nut_read_header().
* Change 2. Check for the 'time_base_count'.
---
 libavformat/nutdec.c | 21 +
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 0a8a700acf..4cbccb20d9 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -220,6 +220,10 @@ static int decode_main_header(NUTContext *nut)
 }
 
 GET_V(nut->time_base_count, tmp > 0 && tmp < INT_MAX / sizeof(AVRational) 
&& tmp < length/2);
+
+if (nut->time_base_count > NUT_MAX_STREAMS)
+return AVERROR_INVALIDDATA;
+
 nut->time_base = av_malloc_array(nut->time_base_count, sizeof(AVRational));
 if (!nut->time_base)
 return AVERROR(ENOMEM);
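
Review bot: the added `if (nut->time_base_count > NUT_MAX_STREAMS)` applies a limit named for streams to the number of time bases, right after GET_V() has already bounded the value by INT_MAX / sizeof(AVRational) and length/2. If a tighter bound is wanted it belongs in the GET_V() condition with its own named limit, with the commit message explaining why the existing bound is not enough, and as a patch of its own.
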
@@ -351,8 +355,13 @@ static int decode_main_header(NUTContext *nut)
 ret = AVERROR(ENOMEM);
 goto fail;
 }
-for (i = 0; i < stream_count; i++)
-avformat_new_stream(s, NULL);
+for (i = 0; i < stream_count; i++) {
+if (!avformat_new_stream(s, NULL)) {
+av_free(nut->stream);
+ret = AVERROR(ENOMEM);
+goto fail;
+}
+}
 
 return 0;
 fail:
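
Review bot: `av_free(nut->stream);` followed by `goto fail` leaves nut->stream pointing at freed memory on the way into the `fail:` path. If that path also frees nut->stream this is a double free; either use av_freep(&nut->stream) or leave the release to `fail:`.
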
@@ -800,19 +809,23 @@ static int nut_read_header(AVFormatContext *s)
 NUTContext *nut = s->priv_data;
 AVIOContext *bc = s->pb;
 int64_t pos;
-int initialized_stream_count;
+int initialized_stream_count, ret;
 
 nut->avf = s;
 
 /* main header */
 pos = 0;
+ret = 0;
 do {
+if (ret == AVERROR(ENOMEM))
+return ret;
+
 pos = find_startcode(bc, MAIN_STARTCODE, pos) + 1;
 if (pos < 0 + 1) {
 av_log(s, AV_LOG_ERROR, "No main startcode found.\n");
 return AVERROR_INVALIDDATA;
 }
-} while (decode_main_header(nut) < 0);
+} while ((ret = decode_main_header(nut)) < 0);
 
 /* stream headers */
 pos = 0;
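
Review bot: the loop in nut_read_header() now treats ENOMEM differently from every other negative return of decode_main_header(), which still causes a rescan for the next main startcode, but nothing in the code says so. A short comment at the `if (ret == AVERROR(ENOMEM))` line explaining why only allocation failure is fatal would help the next reader.
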
-- 
2.25.1



[FFmpeg-devel] [PATCH] avformat/nutdec: Add check for avformat_new_stream

2022-02-15 Thread Jiasheng Jiang
Because memory allocation can fail,
avformat_new_stream() could return a NULL pointer.
Therefore, it would be better to check it and return
an error if it fails.

Fixes: 84ad31ff18 ("lavf: replace av_new_stream->avformat_new_stream part II.")
Signed-off-by: Jiasheng Jiang 
---
 libavformat/nutdec.c | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 0a8a700acf..eb2ba4840a 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -352,7 +352,11 @@ static int decode_main_header(NUTContext *nut)
 goto fail;
 }
 for (i = 0; i < stream_count; i++)
-avformat_new_stream(s, NULL);
+if (!avformat_new_stream(s, NULL)) {
+av_free(nut->stream);
+ret = AVERROR(ENOMEM);
+goto fail;
+}
 
 return 0;
 fail:
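
Review bot: the new multi-line `if (!avformat_new_stream(s, NULL)) { ... }` block is the body of `for (i = 0; i < stream_count; i++)` with no braces around it. Please brace the for body so the loop's extent stays obvious when the block is edited later.
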
-- 
2.25.1



[FFmpeg-devel] [PATCH] avcodec/mlz: Add the check after calling av_mallocz

2022-02-15 Thread Jiasheng Jiang
Because memory allocation can fail, av_mallocz()
may return a NULL pointer, which is assigned to 'mlz->dict'.
And then 'mlz->dict' will be used in ff_mlz_flush_dict().
Therefore, it would be better to check it and return an error if it fails
in order to prevent the dereference of the NULL pointer.
Also, the caller, decode_init(), needs to deal with the return value
of ff_mlz_init_dict().

Fixes: 2f7a12fab5 ("avcodec/mlz: clear dict on allocation to ensure there are 
no uninitialized values")
Signed-off-by: Jiasheng Jiang 
---
 libavcodec/alsdec.c | 5 -
 libavcodec/mlz.c| 6 +-
 libavcodec/mlz.h| 2 +-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index 9e1aaf065a..2fbb309d33 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -2122,7 +2122,10 @@ static av_cold int decode_init(AVCodecContext *avctx)
 goto fail;
 }
 
-ff_mlz_init_dict(avctx, ctx->mlz);
+ret = ff_mlz_init_dict(avctx, ctx->mlz);
+if (ret < 0)
+goto fail;
+
 ff_mlz_flush_dict(ctx->mlz);
 
 for (c = 0; c < avctx->channels; ++c) {
diff --git a/libavcodec/mlz.c b/libavcodec/mlz.c
index dbeb7dcad9..b35607cc7c 100644
--- a/libavcodec/mlz.c
+++ b/libavcodec/mlz.c
@@ -20,8 +20,10 @@
 
 #include "mlz.h"
 
-av_cold void ff_mlz_init_dict(void* context, MLZ *mlz) {
+av_cold int ff_mlz_init_dict(void* context, MLZ *mlz) {
 mlz->dict = av_mallocz(TABLE_SIZE * sizeof(*mlz->dict));
+if (!mlz->dict)
+return AVERROR(ENOMEM);
 
 mlz->flush_code= FLUSH_CODE;
 mlz->current_dic_index_max = DIC_INDEX_INIT;
@@ -30,6 +32,8 @@ av_cold void ff_mlz_init_dict(void* context, MLZ *mlz) {
 mlz->next_code = FIRST_CODE;
 mlz->freeze_flag   = 0;
 mlz->context   = context;
+
+return 0;
 }
 
 av_cold void ff_mlz_flush_dict(MLZ *mlz) {
diff --git a/libavcodec/mlz.h b/libavcodec/mlz.h
index c3df52c9b4..01f8e78ec2 100644
--- a/libavcodec/mlz.h
+++ b/libavcodec/mlz.h
@@ -57,7 +57,7 @@ typedef struct MLZ {
 
 /** Initialize the dictionary
  */
-void ff_mlz_init_dict(void* context, MLZ *mlz);
+int ff_mlz_init_dict(void* context, MLZ *mlz);
 
 /** Flush the dictionary
  */
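
Review bot: ff_mlz_init_dict() now returns int, but the doc comment above the prototype still reads only "Initialize the dictionary". Please document the return value (0 on success, a negative AVERROR code when the dictionary allocation fails) so callers know it has to be checked.
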
-- 
2.25.1



[FFmpeg-devel] [PATCH] swscale/utils: Add missing check for av_malloc

2022-02-15 Thread Jiasheng Jiang
Because memory allocation can fail, the return
value of av_malloc() could be NULL and be dereferenced.
Therefore it would be better to check it and return an error if it fails.
Also, the callers of ff_shuffle_filter_coefficients() should deal
with the return value.

Fixes: f900a19fa9 ("libswscale: Adds ff_hscale8to15_4_avx2 and 
ff_hscale8to15_X4_avx2 for all filter sizes.")
Signed-off-by: Jiasheng Jiang 
---
 libswscale/swscale_internal.h |  2 +-
 libswscale/utils.c| 13 ++---
 tests/checkasm/sw_scale.c |  3 ++-
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/libswscale/swscale_internal.h b/libswscale/swscale_internal.h
index 3a78d95ba6..26d28d42e6 100644
--- a/libswscale/swscale_internal.h
+++ b/libswscale/swscale_internal.h
@@ -1144,5 +1144,5 @@ void ff_sws_slice_worker(void *priv, int jobnr, int 
threadnr,
 #define MAX_LINES_AHEAD 4
 
 //shuffle filter and filterPos for hyScale and hcScale filters in avx2
-void ff_shuffle_filter_coefficients(SwsContext *c, int* filterPos, int 
filterSize, int16_t *filter, int dstW);
+int ff_shuffle_filter_coefficients(SwsContext *c, int* filterPos, int 
filterSize, int16_t *filter, int dstW);
 #endif /* SWSCALE_SWSCALE_INTERNAL_H */
diff --git a/libswscale/utils.c b/libswscale/utils.c
index c5ea8853d5..7754a03e00 100644
--- a/libswscale/utils.c
+++ b/libswscale/utils.c
@@ -278,7 +278,7 @@ static const FormatEntry format_entries[] = {
 [AV_PIX_FMT_P416LE]  = { 1, 1 },
 };
 
-void ff_shuffle_filter_coefficients(SwsContext *c, int *filterPos, int 
filterSize, int16_t *filter, int dstW){
+int ff_shuffle_filter_coefficients(SwsContext *c, int *filterPos, int 
filterSize, int16_t *filter, int dstW){
 #if ARCH_X86_64
 int i, j, k, l;
 int cpu_flags = av_get_cpu_flags();
@@ -292,6 +292,9 @@ void ff_shuffle_filter_coefficients(SwsContext *c, int 
*filterPos, int filterSiz
 }
 if (filterSize > 4){
 int16_t *tmp2 = av_malloc(dstW * filterSize * 2);
+if (!tmp2)
+return AVERROR(ENOMEM);
+
 memcpy(tmp2, filter, dstW * filterSize * 2);
 for (i = 0; i < dstW; i += 16){//pixel
 for (k = 0; k < filterSize / 4; ++k){//fcoeff
@@ -311,6 +314,8 @@ void ff_shuffle_filter_coefficients(SwsContext *c, int 
*filterPos, int filterSiz
 }
 }
 #endif
+
+return 0;
 }
 
 int sws_isSupportedInput(enum AVPixelFormat pix_fmt)
@@ -1836,7 +1841,8 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter 
*srcFilter,
get_local_pos(c, 0, 0, 0),
get_local_pos(c, 0, 0, 0))) < 0)
 goto fail;
-ff_shuffle_filter_coefficients(c, c->hLumFilterPos, 
c->hLumFilterSize, c->hLumFilter, dstW);
+if ((ret = ff_shuffle_filter_coefficients(c, c->hLumFilterPos, 
c->hLumFilterSize, c->hLumFilter, dstW)) < 0)
+goto fail;
 if ((ret = initFilter(>hChrFilter, >hChrFilterPos,
>hChrFilterSize, c->chrXInc,
c->chrSrcW, c->chrDstW, filterAlign, 1 << 14,
@@ -1846,7 +1852,8 @@ av_cold int sws_init_context(SwsContext *c, SwsFilter 
*srcFilter,
get_local_pos(c, c->chrSrcHSubSample, 
c->src_h_chr_pos, 0),
get_local_pos(c, c->chrDstHSubSample, 
c->dst_h_chr_pos, 0))) < 0)
 goto fail;
-ff_shuffle_filter_coefficients(c, c->hChrFilterPos, 
c->hChrFilterSize, c->hChrFilter, c->chrDstW);
+if ((ret = ff_shuffle_filter_coefficients(c, c->hChrFilterPos, 
c->hChrFilterSize, c->hChrFilter, c->chrDstW)) < 0)
+goto fail;
 }
 } // initialize horizontal stuff
 
diff --git a/tests/checkasm/sw_scale.c b/tests/checkasm/sw_scale.c
index 3c0a083b42..0cb0ac4a4a 100644
--- a/tests/checkasm/sw_scale.c
+++ b/tests/checkasm/sw_scale.c
@@ -218,7 +218,8 @@ static void check_hscale(void)
 ff_sws_init_scale(ctx);
 memcpy(filterAvx2, filter, sizeof(uint16_t) * (SRC_PIXELS * 
MAX_FILTER_WIDTH + MAX_FILTER_WIDTH));
 if ((cpu_flags & AV_CPU_FLAG_AVX2) && !(cpu_flags & 
AV_CPU_FLAG_SLOW_GATHER))
-ff_shuffle_filter_coefficients(ctx, filterPosAvx, width, 
filterAvx2, SRC_PIXELS);
+if (ff_shuffle_filter_coefficients(ctx, filterPosAvx, width, 
filterAvx2, SRC_PIXELS) < 0)
+fail();
 
 if (check_func(ctx->hcScale, "hscale_%d_to_%d_width%d", 
ctx->srcBpc, ctx->dstBpc + 1, width)) {
 memset(dst0, 0, SRC_PIXELS * sizeof(dst0[0]));
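
Review bot: the new `if (ff_shuffle_filter_coefficients(...) < 0)` is nested, without braces, under the existing `if ((cpu_flags & AV_CPU_FLAG_AVX2) && ...)`, which is easy to misread and invites a dangling-else mistake later; please brace the outer if. Nothing after `fail();` stops check_hscale() from going on to check_func() with coefficients that were not shuffled, so consider leaving the function at that point.
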
-- 
2.25.1



[FFmpeg-devel] [PATCH] avcodec/vp3: Add missing check for av_malloc

2022-02-15 Thread Jiasheng Jiang
Since av_malloc() may fail and return a NULL pointer,
's->edge_emu_buffer' should be checked to see
whether the new allocation succeeded.

Fixes: d14723861b ("VP3: fix decoding of videos with stride > 2048")
Signed-off-by: Jiasheng Jiang 
---
 libavcodec/vp3.c | 7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
index e9ab54d736..e2418eb6fa 100644
--- a/libavcodec/vp3.c
+++ b/libavcodec/vp3.c
@@ -2679,8 +2679,13 @@ static int vp3_decode_frame(AVCodecContext *avctx,
 AV_GET_BUFFER_FLAG_REF)) < 0)
 goto error;
 
-if (!s->edge_emu_buffer)
+if (!s->edge_emu_buffer) {
 s->edge_emu_buffer = av_malloc(9 * 
FFABS(s->current_frame.f->linesize[0]));
+if (!s->edge_emu_buffer) {
+ret = AVERROR(ENOMEM);
+goto error;
+}
+}
 
 if (s->keyframe) {
 if (!s->theora) {
-- 
2.25.1



[FFmpeg-devel] [PATCH] avcodec/vp6: return value check for av_mallocz

2022-02-06 Thread Jiasheng Jiang
Because av_mallocz() can fail, 's->alpha_context'
could be NULL and be dereferenced later.
Therefore, it would be better to check it and deal with the failure
in order to prevent a memory leak, same as the av_frame_alloc() in
ff_vp56_init().

Fixes: 39a3894ad5 ("lavc/vp6: Implement "slice" threading for VP6A decode")
Signed-off-by: Jiasheng Jiang 
---
 libavcodec/vp6.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/vp6.c b/libavcodec/vp6.c
index d024370793..d75e717082 100644
--- a/libavcodec/vp6.c
+++ b/libavcodec/vp6.c
@@ -653,6 +653,10 @@ static av_cold int vp6_decode_init(AVCodecContext *avctx)
 
 if (s->has_alpha) {
 s->alpha_context = av_mallocz(sizeof(VP56Context));
+if (!s->alpha_context) {
+ff_vp56_free(avctx);
+return AVERROR(ENOMEM);
+}
 ff_vp56_init_context(avctx, s->alpha_context,
  s->flip == -1, s->has_alpha);
 ff_vp6dsp_init(>alpha_context->vp56dsp);
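
Review bot: the new failure branch calls ff_vp56_free(avctx) before returning from vp6_decode_init(). If the decoder's close function is also invoked when init fails, the same state would be released twice; please state in the commit message which of the two is responsible for cleanup on this path.
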
-- 
2.25.1
