authorJames Almer <jamrial@gmail.com>2017-10-31 16:18:32 -0300
committerJames Almer <jamrial@gmail.com>2017-10-31 16:24:26 -0300
commit37f4a093f7f95241e4fcd582758504491e85e488 (patch)
tree2d54b6ba91453b936754a795b5a244cec2a02620
parent88c7aa13dd30bcbdacdb416cef80811dc83fce23 (diff)
downloadffmpeg-37f4a093f7f95241e4fcd582758504491e85e488.tar.gz
avcodec/vp9_superframe_bsf: allocate cache of packets during init
Also use av_packet_move_ref() to cache them instead of copying pointers. Fixes invalid reads since e1bc3f4396ade6033787717d3650fb62663eae8. Signed-off-by: James Almer <jamrial@gmail.com>
-rw-r--r--libavcodec/vp9_superframe_bsf.c24
1 files changed, 20 insertions, 4 deletions
diff --git a/libavcodec/vp9_superframe_bsf.c b/libavcodec/vp9_superframe_bsf.c
index 121d3a3d81..dea2cc232f 100644
--- a/libavcodec/vp9_superframe_bsf.c
+++ b/libavcodec/vp9_superframe_bsf.c
@@ -147,8 +147,8 @@ static int vp9_superframe_filter(AVBSFContext *ctx, AVPacket *out)
goto done;
}
- s->cache[s->n_cache++] = in;
- in = NULL;
+ av_packet_move_ref(s->cache[s->n_cache++], in);
+
if (invisible) {
res = AVERROR(EAGAIN);
goto done;
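Review bot: The store through `s->cache[s->n_cache++]` has no bound visible in this hunk, and with this change each slot is a pointer that av_packet_move_ref() dereferences, so an index at or past MAX_CACHE would write through whatever lies after the array. The `goto done; }` context just above is presumably the tail of a limit check on `s->n_cache`; it is worth confirming that the check rejects `s->n_cache >= MAX_CACHE` before this line, since the number of cached frames is driven by the input stream. A short comment on the line, e.g. `// slot preallocated in init; n_cache < MAX_CACHE checked above`, would record that dependency. vp9_superframe_filter starts and ends outside the hunk, so the check itself and the cleanup at `done:` cannot be verified from here.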
@@ -164,7 +164,7 @@ static int vp9_superframe_filter(AVBSFContext *ctx, AVPacket *out)
goto done;
for (n = 0; n < s->n_cache; n++)
- av_packet_free(&s->cache[n]);
+ av_packet_unref(s->cache[n]);
s->n_cache = 0;
done:
@@ -174,13 +174,28 @@ done:
return res;
}
+static int vp9_superframe_init(AVBSFContext *ctx)
+{
+ VP9BSFContext *s = ctx->priv_data;
+ int n;
+
+ // alloc cached data
+ for (n = 0; n < MAX_CACHE; n++) {
+ s->cache[n] = av_packet_alloc();
+ if (!s->cache[n])
+ return AVERROR(ENOMEM);
+ }
+
+ return 0;
+}
+
static void vp9_superframe_close(AVBSFContext *ctx)
{
VP9BSFContext *s = ctx->priv_data;
int n;
// free cached data
- for (n = 0; n < s->n_cache; n++)
+ for (n = 0; n < MAX_CACHE; n++)
av_packet_free(&s->cache[n]);
}
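Review bot: vp9_superframe_init returns `AVERROR(ENOMEM)` from the middle of the loop without releasing the packets it has already allocated. It therefore relies on two things this hunk does not show: that vp9_superframe_close still runs after a failed init, and that the untouched `s->cache[]` entries are NULL so that `av_packet_free(&s->cache[n])` over all MAX_CACHE slots is harmless. If the BSF framework guarantees both (zero-initialised priv_data, close invoked on free), a comment above the return such as `// partially filled cache is released by vp9_superframe_close()` would make that explicit. Otherwise the earlier entries should be freed before returning. The same assumption explains why close now iterates to MAX_CACHE instead of `s->n_cache`, which deserves a word in the `// free cached data` comment.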
@@ -192,6 +207,7 @@ const AVBitStreamFilter ff_vp9_superframe_bsf = {
.name = "vp9_superframe",
.priv_data_size = sizeof(VP9BSFContext),
.filter = vp9_superframe_filter,
+ .init = vp9_superframe_init,
.close = vp9_superframe_close,
.codec_ids = codec_ids,
};