On 2/10/2022 11:16 PM, Steven Liu wrote:
2022年2月11日 上午10:10,James Almer <jamr...@gmail.com> 写道:
On 2/10/2022 11:03 PM, Steven Liu wrote:
2022年2月11日 上午10:01,James Almer <jamr...@gmail.com> 写道:
On 2/10/2022 10:43 PM, Steven Liu wrote:
2022年2月10日 下午8:27,James Almer <jamr...@gmail.com> 写道:
On 2/10/2022 9:20 AM, Steven Liu wrote:
because the src, src->hw_frames_ctx and src->hw_frames_ctx->data can be
set to null when the user calling av_hwframe_transfer_data, this will
get crash if they are null.
src can not be NULL. The doxy doesn't allow it.
Hi James,
User call av_hwframe_transfer_data like this:
av_hwframe_transfer_data(dst, NULL, 0);
It will crash when dst->buf[0] is null.
Because dst->buf[0] is null and src is null, it will call transfer_data_alloc, but
the first line is ctx = (AVHWFramesContext*)src->hw_frames_ctx->data; in
transfer_data_alloc,
It using src->hw_frames_ctx.
av_hwframe_transfer_data is av_*, it is API to user.
Maybe this is not logic problem, looks like a security problem.
I know what happens when you pass NULL as src argument. My point is that it's
not a security problem because that's an API violation and an explicitly
forbidden scenario: Neither src or dst can be NULL, and at least one of them
must have an AVHWFramesContext attached. Any application not following that is
faulty and buggy, and needs to be fixed.
And you can get crashes by passing NULL arguments to lots of public libav*
functions, not just this one.
Won’t we fix them?
We have nothing to fix. If someone writes an application that calls
avcodec_open2(NULL, NULL, NULL) despite it being strictly forbidden, then it's
their fault and they deserve the segfaults they will get.
I think API should give the caller an error message or failed value, because
segfault is an exception and that means API is not robust, the return value
should EINVAL if the user input arguments incorrect.
I disagree. Returning EINVAL at runtime lets the user know they probably
did something wrong, like trying to open a decoder context using a
decoder that's not in the whitelist. That's not API misuse, that's an
invalid argument that could realistically happen in an application
exposing such settings to the user.
But passing a NULL AVCodecContext? That's not the user doing something
wrong, that's the application developer doing something wrong. A
graceful failure in that case is misleading.
With av_hwframe_transfer_data() you transfer data from something to
something else. If src is NULL, what are you transferring data from? Why
did your application ever try to do that? You need to fix it so it never
happens.
Thanks
Steven Liu
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
