[FFmpeg-cvslog] avcodec/nvdec: don't free NVDECContext->bitstream

James Almer git at videolan.org
Wed Feb 7 16:36:34 EET 2024 

ffmpeg | branch: release/6.1 | James Almer <jamrial at gmail.com> | Tue Feb  6 19:50:33 2024 -0300| [bfacb66fc821a6d43c0c83e7222c1c4b8467ae86] | committer: James Almer

avcodec/nvdec: don't free NVDECContext->bitstream

Ensure all hwaccels that allocate a buffer use NVDECContext->bitstream_internal
instead. Otherwise, if FFHWAccel->end_frame() isn't called before
FFHWAccel->uninit(), an attempt to free a stale pointer to memory not owned by
the hwaccel could take place.

Reviewed-by: Timo Rothenpieler <timo at rothenpieler.org>
Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bfacb66fc821a6d43c0c83e7222c1c4b8467ae86
---

 libavcodec/nvdec.c      | 2 +-
 libavcodec/nvdec_h264.c | 4 ++--
 libavcodec/nvdec_hevc.c | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/libavcodec/nvdec.c b/libavcodec/nvdec.c
index 0ec8e896a6..b2481e7fe8 100644
--- a/libavcodec/nvdec.c
+++ b/libavcodec/nvdec.c
@@ -258,8 +258,8 @@ int ff_nvdec_decode_uninit(AVCodecContext *avctx)
 {
     NVDECContext *ctx = avctx->internal->hwaccel_priv_data;
 
-    av_freep(&ctx->bitstream);
     av_freep(&ctx->bitstream_internal);
+    ctx->bitstream           = NULL;
     ctx->bitstream_len       = 0;
     ctx->bitstream_allocated = 0;
 
diff --git a/libavcodec/nvdec_h264.c b/libavcodec/nvdec_h264.c
index f022619b64..8c72d5f4f7 100644
--- a/libavcodec/nvdec_h264.c
+++ b/libavcodec/nvdec_h264.c
@@ -138,11 +138,11 @@ static int nvdec_h264_decode_slice(AVCodecContext *avctx, const uint8_t *buffer,
     const H264SliceContext *sl = &h->slice_ctx[0];
     void *tmp;
 
-    tmp = av_fast_realloc(ctx->bitstream, &ctx->bitstream_allocated,
+    tmp = av_fast_realloc(ctx->bitstream_internal, &ctx->bitstream_allocated,
                           ctx->bitstream_len + size + 3);
     if (!tmp)
         return AVERROR(ENOMEM);
-    ctx->bitstream = tmp;
+    ctx->bitstream = ctx->bitstream_internal = tmp;
 
     tmp = av_fast_realloc(ctx->slice_offsets, &ctx->slice_offsets_allocated,
                           (ctx->nb_slices + 1) * sizeof(*ctx->slice_offsets));
diff --git a/libavcodec/nvdec_hevc.c b/libavcodec/nvdec_hevc.c
index b83d5edcf9..25319a1328 100644
--- a/libavcodec/nvdec_hevc.c
+++ b/libavcodec/nvdec_hevc.c
@@ -274,11 +274,11 @@ static int nvdec_hevc_decode_slice(AVCodecContext *avctx, const uint8_t *buffer,
     NVDECContext *ctx = avctx->internal->hwaccel_priv_data;
     void *tmp;
 
-    tmp = av_fast_realloc(ctx->bitstream, &ctx->bitstream_allocated,
+    tmp = av_fast_realloc(ctx->bitstream_internal, &ctx->bitstream_allocated,
                           ctx->bitstream_len + size + 3);
     if (!tmp)
         return AVERROR(ENOMEM);
-    ctx->bitstream = tmp;
+    ctx->bitstream = ctx->bitstream_internal = tmp;
 
     tmp = av_fast_realloc(ctx->slice_offsets, &ctx->slice_offsets_allocated,
                           (ctx->nb_slices + 1) * sizeof(*ctx->slice_offsets));

More information about the ffmpeg-cvslog mailing list