[FFmpeg-devel] [PATCH 1/5] avcodec/pcm_rechunk_bsf: unref packet before putting a new one in
Michael Niedermayer
michael at niedermayer.cc
Mon Apr 17 14:34:34 EEST 2023
On Mon, Apr 17, 2023 at 08:28:37AM -0300, James Almer wrote:
> On 4/17/2023 8:26 AM, Michael Niedermayer wrote:
> > On Sun, Apr 16, 2023 at 07:57:00PM -0300, James Almer wrote:
> > > On 4/16/2023 7:25 PM, Michael Niedermayer wrote:
> > > > Fixes: memleak
> > > > Fixes: 45982/clusterfuzz-testcase-minimized-ffmpeg_BSF_PCM_RECHUNK_fuzzer-5562089618407424
> > > >
> > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > > > ---
> > > > libavcodec/pcm_rechunk_bsf.c | 1 +
> > > > 1 file changed, 1 insertion(+)
> > > >
> > > > diff --git a/libavcodec/pcm_rechunk_bsf.c b/libavcodec/pcm_rechunk_bsf.c
> > > > index 108d9e90b99..3f43934fe9a 100644
> > > > --- a/libavcodec/pcm_rechunk_bsf.c
> > > > +++ b/libavcodec/pcm_rechunk_bsf.c
> > > > @@ -153,6 +153,7 @@ static int rechunk_filter(AVBSFContext *ctx, AVPacket *pkt)
> > > > }
> > > > }
> > > > + av_packet_unref(s->in_pkt);
> > >
> > > This could be pointing to a bug in the above code, and unreffing here like
> > > this would result in data loss.
> > >
> > > Does the following change also fix the memleak?
> > >
> > > > diff --git a/libavcodec/pcm_rechunk_bsf.c b/libavcodec/pcm_rechunk_bsf.c
> > > > index 108d9e90b9..032f914916 100644
> > > > --- a/libavcodec/pcm_rechunk_bsf.c
> > > > +++ b/libavcodec/pcm_rechunk_bsf.c
> > > > @@ -151,7 +151,8 @@ static int rechunk_filter(AVBSFContext *ctx, AVPacket *pkt)
> > > > av_packet_move_ref(pkt, s->in_pkt);
> > > > return send_packet(s, nb_samples, pkt);
> > > > }
> > > > - }
> > > > + } else
> > > > + av_packet_unref(s->in_pkt);
> > > >
> > > > ret = ff_bsf_get_packet_ref(ctx, s->in_pkt);
> > > > if (ret == AVERROR_EOF && s->out_pkt->size) {
> > >
> > > If it does then a zero sized packet with either only side data or that went
> > > through the av_packet_make_refcounted() in av_bsf_send_packet() that left it
> > > with an allocated padding buffer was fed to this bsf.
> >
> > yes this works too
> > and this memleak is open since a year, its the 2nd time i submited this
>
> Yes, i had a sense of deja vu.
>
> > patch, last time the discussions didnt lead to any consensus on what to do
> > I hope this time some fix from someone ends up in git
> >
> > thx
>
> Just apply the suggested change i made above.
ok
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20230417/ce9c2a10/attachment.sig>
More information about the ffmpeg-devel
mailing list