[FFmpeg-devel] [PATCH 4/5] avfilter/formats: proper error handling in ff_set_common_*() functions

Mon Mar 16 11:00:13 CET 2015

On date Sunday 2015-03-15 15:15:34 +0100, Clément Bœsch encoded:
> On Sun, Mar 15, 2015 at 03:11:14PM +0100, Clément Bœsch wrote:
> > On Sun, Mar 15, 2015 at 03:07:16PM +0100, Stefano Sabatini wrote:
> > > On date Sunday 2015-03-15 14:24:29 +0100, Clément Bœsch encoded:
> > > > ---
> > > >  libavfilter/formats.c | 45 ++++++++++++++++++++++++++++++++-------------
> > > >  libavfilter/formats.h | 10 +++++-----
> > > >  2 files changed, 37 insertions(+), 18 deletions(-)
> > > > 
> > > > diff --git a/libavfilter/formats.c b/libavfilter/formats.c
> > > > index 6393416..4f9773b 100644
> > > > --- a/libavfilter/formats.c
> > > > +++ b/libavfilter/formats.c
> > > > @@ -401,7 +401,12 @@ AVFilterChannelLayouts *ff_all_channel_counts(void)
> > > >  }
> > > >  
> > > >  #define FORMATS_REF(f, ref)                                                     \
> > > > -    void *tmp = av_realloc_array(f->refs, sizeof(*f->refs), f->refcount + 1);   \
> > > > +    void *tmp;                                                                  \
> > > > +                                                                                \
> > > > +    if (!ref)                                                                   \
> > > > +        return AVERROR_BUG;                                                     \
> > > 
> > > I'd prefer to crash or assert here, assuming the function doesn't
> > > assume NULL, same below.
> > > 
> > 
> > In the current state, these functions could be called with a NULL
> > parameter. Random examples:
> > 
> > libavfilter/src_movie.c: ff_formats_ref(ff_make_format_list(list), &outlink->in_formats);
> > libavfilter/src_movie.c: ff_formats_ref(ff_make_format_list(list), &outlink->in_samplerates);
> > libavfilter/vf_extractplanes.c: ff_formats_ref(ff_make_format_list(in_pixfmts), &ctx->inputs[0]->out_formats);
> > libavfilter/vf_extractplanes.c: ff_formats_ref(ff_make_format_list(out_pixfmts), &ctx->outputs[i]->in_formats);
> > 
> > So I'd better not do that.
> > 
> > > (Unrelated note: "bug" is a silly term, "defect" is more proper - I'm
> > > with Dijkstra here).
> > > 
> 
> To elaborate on this, the bug here is referring to an allocation check not
> done in the caller (there are many currently since I'm just introducing
> the error handling).

I won't block this patch, but getting a crash in a specified point of
the program is more useful than failing with this:

A bug occurred somewhere
-- 
FFmpeg = Foolish and Frenzy Muttering Perennial Evil Gorilla