diff options
author | James Almer <jamrial@gmail.com> | 2017-10-31 16:18:32 -0300 |
---|---|---|
committer | James Almer <jamrial@gmail.com> | 2017-10-31 16:24:26 -0300 |
commit | 37f4a093f7f95241e4fcd582758504491e85e488 (patch) | |
tree | 2d54b6ba91453b936754a795b5a244cec2a02620 | |
parent | 88c7aa13dd30bcbdacdb416cef80811dc83fce23 (diff) | |
download | ffmpeg-37f4a093f7f95241e4fcd582758504491e85e488.tar.gz |
avcodec/vp9_superframe_bsf: allocate cache of packets during init
Also use av_packet_move_ref() to cache them instead of copying
pointers.
Fixes invalid reads since e1bc3f4396ade6033787717d3650fb62663eae8.
Signed-off-by: James Almer <jamrial@gmail.com>
-rw-r--r-- | libavcodec/vp9_superframe_bsf.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/libavcodec/vp9_superframe_bsf.c b/libavcodec/vp9_superframe_bsf.c index 121d3a3d81..dea2cc232f 100644 --- a/libavcodec/vp9_superframe_bsf.c +++ b/libavcodec/vp9_superframe_bsf.c @@ -147,8 +147,8 @@ static int vp9_superframe_filter(AVBSFContext *ctx, AVPacket *out) goto done; } - s->cache[s->n_cache++] = in; - in = NULL; + av_packet_move_ref(s->cache[s->n_cache++], in); + if (invisible) { res = AVERROR(EAGAIN); goto done; @@ -164,7 +164,7 @@ static int vp9_superframe_filter(AVBSFContext *ctx, AVPacket *out) goto done; for (n = 0; n < s->n_cache; n++) - av_packet_free(&s->cache[n]); + av_packet_unref(s->cache[n]); s->n_cache = 0; done: @@ -174,13 +174,28 @@ done: return res; } +static int vp9_superframe_init(AVBSFContext *ctx) +{ + VP9BSFContext *s = ctx->priv_data; + int n; + + // alloc cached data + for (n = 0; n < MAX_CACHE; n++) { + s->cache[n] = av_packet_alloc(); + if (!s->cache[n]) + return AVERROR(ENOMEM); + } + + return 0; +} + static void vp9_superframe_close(AVBSFContext *ctx) { VP9BSFContext *s = ctx->priv_data; int n; // free cached data - for (n = 0; n < s->n_cache; n++) + for (n = 0; n < MAX_CACHE; n++) av_packet_free(&s->cache[n]); } @@ -192,6 +207,7 @@ const AVBitStreamFilter ff_vp9_superframe_bsf = { .name = "vp9_superframe", .priv_data_size = sizeof(VP9BSFContext), .filter = vp9_superframe_filter, + .init = vp9_superframe_init, .close = vp9_superframe_close, .codec_ids = codec_ids, }; |