[FFmpeg-cvslog] vp9_superframe_bsf: cache packets by creating new references instead of moving pointers
James Almer
git at videolan.org
Sun Nov 12 06:17:01 EET 2017
ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Sun Nov 5 13:35:40 2017 -0300| [5c22c90c1d5050f1206e46494b193320ac2397cb] | committer: James Almer
vp9_superframe_bsf: cache packets by creating new references instead of moving pointers
Fixes invalid reads after free.
Signed-off-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c22c90c1d5050f1206e46494b193320ac2397cb
---
libavcodec/vp9_superframe_bsf.c | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/libavcodec/vp9_superframe_bsf.c b/libavcodec/vp9_superframe_bsf.c
index 3669216009..ad66cb599b 100644
--- a/libavcodec/vp9_superframe_bsf.c
+++ b/libavcodec/vp9_superframe_bsf.c
@@ -148,8 +148,9 @@ static int vp9_superframe_filter(AVBSFContext *ctx, AVPacket *out)
goto done;
}
- s->cache[s->n_cache++] = in;
- in = NULL;
+ res = av_packet_ref(s->cache[s->n_cache++], in);
+ if (res < 0)
+ goto done;
if (invisible) {
res = AVERROR(EAGAIN);
goto done;
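Review bot: `s->n_cache++` is evaluated as part of the `av_packet_ref()` call, so the counter has already advanced when `res < 0` takes the `goto done` path, and the cache then counts a slot that holds no valid reference. The later loop over `s->cache[0..n_cache)` in this function, and any merge code outside the hunk, would treat that slot as a cached frame. Incrementing only after success avoids this: `res = av_packet_ref(s->cache[s->n_cache], in);`, `if (res < 0) goto done;`, `s->n_cache++;`. The bound check of `n_cache` against `MAX_CACHE` and the `done:` cleanup lie outside the hunk, so whether the error path otherwise resets the cache cannot be confirmed from here.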
@@ -165,7 +166,7 @@ static int vp9_superframe_filter(AVBSFContext *ctx, AVPacket *out)
goto done;
for (n = 0; n < s->n_cache; n++)
- av_packet_free(&s->cache[n]);
+ av_packet_unref(s->cache[n]);
s->n_cache = 0;
done:
@@ -175,13 +176,28 @@ done:
return res;
}
+static int vp9_superframe_init(AVBSFContext *ctx)
+{
+ VP9BSFContext *s = ctx->priv_data;
+ int n;
+
+ // alloc cache packets
+ for (n = 0; n < MAX_CACHE; n++) {
+ s->cache[n] = av_packet_alloc();
+ if (!s->cache[n])
+ return AVERROR(ENOMEM);
+ }
+
+ return 0;
+}
+
static void vp9_superframe_close(AVBSFContext *ctx)
{
VP9BSFContext *s = ctx->priv_data;
int n;
// free cached data
- for (n = 0; n < s->n_cache; n++)
+ for (n = 0; n < MAX_CACHE; n++)
av_packet_free(&s->cache[n]);
}
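Review bot: `vp9_superframe_init()` returns `AVERROR(ENOMEM)` part-way through the loop without releasing the packets it has already allocated, so cleanup depends on `vp9_superframe_close()` still running after a failed init and on the untouched `s->cache[]` slots being NULL. Neither is visible in this hunk; presumably the BSF framework zero-allocates `priv_data` and calls `.close` when the context is freed, which should be confirmed. I would state that contract above the loop in init, e.g. `// on failure, packets allocated so far are released by vp9_superframe_close(), which walks all MAX_CACHE slots`, and update the close comment to `// free every cache packet, used or not; NULL slots are skipped by av_packet_free()`. The contract matters because the filter now passes `s->cache[n]` to `av_packet_ref()` unconditionally, so it must never run on a context whose init failed.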
@@ -193,6 +209,7 @@ const AVBitStreamFilter ff_vp9_superframe_bsf = {
.name = "vp9_superframe",
.priv_data_size = sizeof(VP9BSFContext),
.filter = vp9_superframe_filter,
+ .init = vp9_superframe_init,
.close = vp9_superframe_close,
.codec_ids = codec_ids,
};