[FFmpeg-devel] [PATCH] avutil/hwcontext: check the null pointer input value before use it
James Almer
jamrial at gmail.com
Thu Feb 10 14:27:19 EET 2022
On 2/10/2022 9:20 AM, Steven Liu wrote:
> because the src, src->hw_frames_ctx and src->hw_frames_ctx->data can be
> set to null when the user calling av_hwframe_transfer_data, this will
> get crash if they are null.
src can not be NULL. The doxy doesn't allow it.
And if transfer_data_alloc() is called, it's because dst is "clean", and
src must then have a hw_frames_ctx (The doxy explicitly states "At least
one of dst/src must have an AVHWFramesContext attached").
>
> Signed-off-by: Steven Liu <lq at chinaffmpeg.org>
> ---
> libavutil/hwcontext.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/libavutil/hwcontext.c b/libavutil/hwcontext.c
> index 31c7840dba..b42a3a6d4d 100644
> --- a/libavutil/hwcontext.c
> +++ b/libavutil/hwcontext.c
> @@ -396,10 +396,13 @@ int av_hwframe_transfer_get_formats(AVBufferRef *hwframe_ref,
>
> static int transfer_data_alloc(AVFrame *dst, const AVFrame *src, int flags)
> {
> - AVHWFramesContext *ctx = (AVHWFramesContext*)src->hw_frames_ctx->data;
> + AVHWFramesContext *ctx = NULL;
> AVFrame *frame_tmp;
> int ret = 0;
>
> + if (!src || !src->hw_frames_ctx || !src->hw_frames_ctx->data)
> + return AVERROR(EINVAL);
> + ctx = (AVHWFramesContext*)src->hw_frames_ctx->data;
> frame_tmp = av_frame_alloc();
> if (!frame_tmp)
> return AVERROR(ENOMEM);
More information about the ffmpeg-devel
mailing list