On Sun, Feb 9, 2025 at 5:43 AM Frank Plowman <p...@frankplowman.com> wrote:
> In the fail: block of decode_nal_units, a check as to whether fc->ref is
> nonzero is used. Before this patch, fc->ref was set to NULL in
> frame_context_setup. The issue is that, by the time frame_context_setup
> is called, fallible functions (namely slices_realloc and
> ff_vvc_decode_frame_ps) have already been called. Therefore, there
> could arise a situation in which the fc->ref test of decode_nal_units'
> fail: block is performed while fc->ref has an invalid value. This seems
> to be particularly prevalent in situations where the FrameContexts are
> being reused. The patch resolves the issue by moving the assignment of
> fc->ref to NULL to the very top of decode_nal_units, before any fallible
> functions are called.
>

Thank you, Frank. Applied.

> Signed-off-by: Frank Plowman <p...@frankplowman.com> > --- > libavcodec/vvc/dec.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/libavcodec/vvc/dec.c b/libavcodec/vvc/dec.c > index 51dd60ae92..572e904301 100644 > --- a/libavcodec/vvc/dec.c > +++ b/libavcodec/vvc/dec.c > @@ -671,8 +671,6 @@ static int frame_context_setup(VVCFrameContext *fc, > VVCContext *s) > { > int ret; > > - fc->ref = NULL; > - > // copy refs from the last frame > if (s->nb_frames && s->nb_fcs > 1) { > VVCFrameContext *prev = get_frame_context(s, fc, -1); > @@ -927,6 +925,7 @@ static int decode_nal_units(VVCContext *s, > VVCFrameContext *fc, AVPacket *avpkt) > int ret = 0; > s->last_eos = s->eos; > s->eos = 0; > + fc->ref = NULL; > > ff_cbs_fragment_reset(frame); > ret = ff_cbs_read_packet(s->cbc, frame, avpkt); > -- > 2.47.0
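Review bot: in the frame_context_setup hunk, removing `fc->ref = NULL;` leaves the function with an unstated precondition that its caller has already cleared fc->ref. A short comment at the top of the function, saying that decode_nal_units performs the reset, would keep a later caller from relying on the old behaviour.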
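Review bot: in the decode_nal_units hunk, the new `fc->ref = NULL;` sits among the s->last_eos and s->eos resets with nothing saying why it has to come before ff_cbs_read_packet and the other fallible calls. Suggest a one-line comment that the fail: block tests fc->ref, so the assignment is not moved below a fallible call again later. Since the commit message mentions reused FrameContexts, it is also worth confirming that a reused fc no longer owns a frame at this point: the hunk overwrites the pointer without releasing it, and the visible lines do not show where that release happens.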