ffmpeg | branch: release/6.1 | James Almer <jamr...@gmail.com> | Tue Feb 6 19:50:33 2024 -0300| [bfacb66fc821a6d43c0c83e7222c1c4b8467ae86] | committer: James Almer
avcodec/nvdec: don't free NVDECContext->bitstream Ensure all hwaccels that allocate a buffer use NVDECContext->bitstream_internal instead. Otherwise, if FFHWAccel->end_frame() isn't called before FFHWAccel->uninit(), an attempt to free a stale pointer to memory not owned by the hwaccel could take place. Reviewed-by: Timo Rothenpieler <t...@rothenpieler.org> Signed-off-by: James Almer <jamr...@gmail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=bfacb66fc821a6d43c0c83e7222c1c4b8467ae86 --- libavcodec/nvdec.c | 2 +- libavcodec/nvdec_h264.c | 4 ++-- libavcodec/nvdec_hevc.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libavcodec/nvdec.c b/libavcodec/nvdec.c index 0ec8e896a6..b2481e7fe8 100644 --- a/libavcodec/nvdec.c +++ b/libavcodec/nvdec.c @@ -258,8 +258,8 @@ int ff_nvdec_decode_uninit(AVCodecContext *avctx) { NVDECContext *ctx = avctx->internal->hwaccel_priv_data; - av_freep(&ctx->bitstream); av_freep(&ctx->bitstream_internal); + ctx->bitstream = NULL; ctx->bitstream_len = 0; ctx->bitstream_allocated = 0; diff --git a/libavcodec/nvdec_h264.c b/libavcodec/nvdec_h264.c index f022619b64..8c72d5f4f7 100644 --- a/libavcodec/nvdec_h264.c +++ b/libavcodec/nvdec_h264.c @@ -138,11 +138,11 @@ static int nvdec_h264_decode_slice(AVCodecContext *avctx, const uint8_t *buffer, const H264SliceContext *sl = &h->slice_ctx[0]; void *tmp; - tmp = av_fast_realloc(ctx->bitstream, &ctx->bitstream_allocated, + tmp = av_fast_realloc(ctx->bitstream_internal, &ctx->bitstream_allocated, ctx->bitstream_len + size + 3); if (!tmp) return AVERROR(ENOMEM); - ctx->bitstream = tmp; + ctx->bitstream = ctx->bitstream_internal = tmp; tmp = av_fast_realloc(ctx->slice_offsets, &ctx->slice_offsets_allocated, (ctx->nb_slices + 1) * sizeof(*ctx->slice_offsets)); diff --git a/libavcodec/nvdec_hevc.c b/libavcodec/nvdec_hevc.c index b83d5edcf9..25319a1328 100644 --- a/libavcodec/nvdec_hevc.c +++ b/libavcodec/nvdec_hevc.c @@ -274,11 +274,11 @@ static int nvdec_hevc_decode_slice(AVCodecContext *avctx, const uint8_t *buffer, NVDECContext *ctx = avctx->internal->hwaccel_priv_data; void *tmp; - tmp = av_fast_realloc(ctx->bitstream, &ctx->bitstream_allocated, + tmp = av_fast_realloc(ctx->bitstream_internal, &ctx->bitstream_allocated, ctx->bitstream_len + size + 3); if (!tmp) return AVERROR(ENOMEM); - ctx->bitstream = tmp; + ctx->bitstream = ctx->bitstream_internal = tmp; tmp = av_fast_realloc(ctx->slice_offsets, &ctx->slice_offsets_allocated, (ctx->nb_slices + 1) * sizeof(*ctx->slice_offsets)); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog To unsubscribe, visit link above, or email ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
