diff options
| author | James Almer <jamrial@gmail.com> | 2024-02-06 19:50:33 -0300 |
|---|---|---|
| committer | James Almer <jamrial@gmail.com> | 2024-02-07 11:31:33 -0300 |
| commit | 7f92014acaadc739660c2cf35bde8e1c7e7aee36 (patch) | |
| tree | 90823785b36d8f9e8dea12ea3d4e2ba55d9962ef | |
| parent | bd3e71b21ec3786ec6fc00ef260af0150f31b71b (diff) | |
| download | ffmpeg-7f92014acaadc739660c2cf35bde8e1c7e7aee36.tar.gz | |
avcodec/nvdec: don't free NVDECContext->bitstream
Ensure all hwaccels that allocate a buffer use NVDECContext->bitstream_internal
instead. Otherwise, if FFHWAccel->end_frame() isn't called before
FFHWAccel->uninit(), an attempt to free a stale pointer to memory not owned by
the hwaccel could take place.
Reviewed-by: Timo Rothenpieler <timo@rothenpieler.org>
Signed-off-by: James Almer <jamrial@gmail.com>
| -rw-r--r-- | libavcodec/nvdec.c | 2 | ||||
| -rw-r--r-- | libavcodec/nvdec_h264.c | 4 | ||||
| -rw-r--r-- | libavcodec/nvdec_hevc.c | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/libavcodec/nvdec.c b/libavcodec/nvdec.c index 27be644356..d13b790632 100644 --- a/libavcodec/nvdec.c +++ b/libavcodec/nvdec.c @@ -259,8 +259,8 @@ int ff_nvdec_decode_uninit(AVCodecContext *avctx) { NVDECContext *ctx = avctx->internal->hwaccel_priv_data; - av_freep(&ctx->bitstream); av_freep(&ctx->bitstream_internal); + ctx->bitstream = NULL; ctx->bitstream_len = 0; ctx->bitstream_allocated = 0; diff --git a/libavcodec/nvdec_h264.c b/libavcodec/nvdec_h264.c index f022619b64..8c72d5f4f7 100644 --- a/libavcodec/nvdec_h264.c +++ b/libavcodec/nvdec_h264.c @@ -138,11 +138,11 @@ static int nvdec_h264_decode_slice(AVCodecContext *avctx, const uint8_t *buffer, const H264SliceContext *sl = &h->slice_ctx[0]; void *tmp; - tmp = av_fast_realloc(ctx->bitstream, &ctx->bitstream_allocated, + tmp = av_fast_realloc(ctx->bitstream_internal, &ctx->bitstream_allocated, ctx->bitstream_len + size + 3); if (!tmp) return AVERROR(ENOMEM); - ctx->bitstream = tmp; + ctx->bitstream = ctx->bitstream_internal = tmp; tmp = av_fast_realloc(ctx->slice_offsets, &ctx->slice_offsets_allocated, (ctx->nb_slices + 1) * sizeof(*ctx->slice_offsets)); diff --git a/libavcodec/nvdec_hevc.c b/libavcodec/nvdec_hevc.c index b83d5edcf9..25319a1328 100644 --- a/libavcodec/nvdec_hevc.c +++ b/libavcodec/nvdec_hevc.c @@ -274,11 +274,11 @@ static int nvdec_hevc_decode_slice(AVCodecContext *avctx, const uint8_t *buffer, NVDECContext *ctx = avctx->internal->hwaccel_priv_data; void *tmp; - tmp = av_fast_realloc(ctx->bitstream, &ctx->bitstream_allocated, + tmp = av_fast_realloc(ctx->bitstream_internal, &ctx->bitstream_allocated, ctx->bitstream_len + size + 3); if (!tmp) return AVERROR(ENOMEM); - ctx->bitstream = tmp; + ctx->bitstream = ctx->bitstream_internal = tmp; tmp = av_fast_realloc(ctx->slice_offsets, &ctx->slice_offsets_allocated, (ctx->nb_slices + 1) * sizeof(*ctx->slice_offsets)); |