avfoundation.m: fix potential unreleased lock issue

Chengfeng Ye Thu, 26 Aug 2021 07:41:13 -0700

The problem here is that the lock ctx->frame_lock will become
an unreleased lock if the program returns at patched lines.


Depends-on: series-0001
Cc: cy...@connect.ust.hk
Bug tracker link: https://trac.ffmpeg.org/ticket/9386\#ticket

Signed-off-by: Chengfeng Ye <cy...@connect.ust.hk>
---
 libavdevice/avfoundation.m | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/libavdevice/avfoundation.m b/libavdevice/avfoundation.m
index 8ce3d064c5..0cd6e646d5 100644
--- a/libavdevice/avfoundation.m
+++ b/libavdevice/avfoundation.m
@@ -1067,10 +1067,12 @@ static int avf_read_packet(AVFormatContext *s, AVPacket 
*pkt)
             } else if (block_buffer != nil) {
                 length = (int)CMBlockBufferGetDataLength(block_buffer);
             } else  {
+                unlock_frames(ctx);
                 return AVERROR(EINVAL);
             }
 
             if (av_new_packet(pkt, length) < 0) {
+                unlock_frames(ctx);
                 return AVERROR(EIO);
             }
 
@@ -1097,21 +1099,26 @@ static int avf_read_packet(AVFormatContext *s, AVPacket 
*pkt)
             CFRelease(ctx->current_frame);
             ctx->current_frame = nil;
 
-            if (status < 0)
+            if (status < 0) {
+                unlock_frames(ctx);
                 return status;
+            }
         } else if (ctx->current_audio_frame != nil) {
             CMBlockBufferRef block_buffer = 
CMSampleBufferGetDataBuffer(ctx->current_audio_frame);
             int block_buffer_size         = 
CMBlockBufferGetDataLength(block_buffer);
 
             if (!block_buffer || !block_buffer_size) {
+                unlock_frames(ctx);
                 return AVERROR(EIO);
             }
 
             if (ctx->audio_non_interleaved && block_buffer_size > 
ctx->audio_buffer_size) {
+                unlock_frames(ctx);
                 return AVERROR_BUFFER_TOO_SMALL;
             }
 
             if (av_new_packet(pkt, block_buffer_size) < 0) {
+                unlock_frames(ctx);
                 return AVERROR(EIO);
             }
 
@@ -1131,6 +1138,7 @@ static int avf_read_packet(AVFormatContext *s, AVPacket 
*pkt)
 
                 OSStatus ret = CMBlockBufferCopyDataBytes(block_buffer, 0, 
pkt->size, ctx->audio_buffer);
                 if (ret != kCMBlockBufferNoErr) {
+                    unlock_frames(ctx);
                     return AVERROR(EIO);
                 }
 
@@ -1142,7 +1150,11 @@ static int avf_read_packet(AVFormatContext *s, AVPacket 
*pkt)
                     int##bps##_t **src;                                        
        \
                     int##bps##_t *dest;                                        
        \
                     src = av_malloc(ctx->audio_channels * 
sizeof(int##bps##_t*));      \
-                    if (!src) return AVERROR(EIO);                             
        \
+                    if (!src) {                                                
        \
+                        unlock_frames(ctx);                                    
        \
+                        return AVERROR(EIO);                                   
        \
+                    }                                                          
        \
+                                                                               
        \
                     for (c = 0; c < ctx->audio_channels; c++) {                
        \
                         src[c] = ((int##bps##_t*)ctx->audio_buffer) + c * 
num_samples; \
                     }                                                          
        \
@@ -1162,6 +1174,7 @@ static int avf_read_packet(AVFormatContext *s, AVPacket 
*pkt)
             } else {
                 OSStatus ret = CMBlockBufferCopyDataBytes(block_buffer, 0, 
pkt->size, pkt->data);
                 if (ret != kCMBlockBufferNoErr) {
+                    unlock_frames(ctx);
                     return AVERROR(EIO);
                 }
             }
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/2] libavdevice/avfoundation.m: fix potential unreleased lock issue

Reply via email to