Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
avcodec/hevcdec: check that the local context list was allocated befo…
…re dereferencing it

Since the decoder is not flagged as init cleanup capable, hevc_decode_free()
is being called manually if the hevc_decode_extradata() call fails at the end
of hevc_decode_init().
In a frame threading scenario, however, if AVCodec->init() returns an error,
ff_frame_thread_free() will be called regardless of the above flag being set
or not, resulting in hevc_decode_free() being called a second time for the
same context.

Workaround this by ensuring pointers are not dereferenced if they are NULL,
and set the decoder as init cleanup capable while at it.

Fixes ticket #9099.

Signed-off-by: James Almer <jamrial@gmail.com>
  • Loading branch information
jamrial committed Feb 11, 2021
1 parent 44facfb commit 089706e
Showing 1 changed file with 4 additions and 8 deletions.
12 changes: 4 additions & 8 deletions libavcodec/hevcdec.c
Expand Up @@ -3417,16 +3417,13 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx)
av_freep(&s->sh.offset);
av_freep(&s->sh.size);

for (i = 1; i < s->threads_number; i++) {
HEVCLocalContext *lc = s->HEVClcList[i];
if (lc) {
if (s->HEVClcList && s->sList) {
for (i = 1; i < s->threads_number; i++) {
av_freep(&s->HEVClcList[i]);
av_freep(&s->sList[i]);
}
}
if (s->HEVClc == s->HEVClcList[0])
s->HEVClc = NULL;
av_freep(&s->HEVClcList[0]);
av_freep(&s->HEVClc);
av_freep(&s->HEVClcList);
av_freep(&s->sList);

Expand Down Expand Up @@ -3622,7 +3619,6 @@ static av_cold int hevc_decode_init(AVCodecContext *avctx)
if (avctx->extradata_size > 0 && avctx->extradata) {
ret = hevc_decode_extradata(s, avctx->extradata, avctx->extradata_size, 1);
if (ret < 0) {
hevc_decode_free(avctx);
return ret;
}
}
Expand Down Expand Up @@ -3673,7 +3669,7 @@ AVCodec ff_hevc_decoder = {
.capabilities = AV_CODEC_CAP_DR1 | AV_CODEC_CAP_DELAY |
AV_CODEC_CAP_SLICE_THREADS | AV_CODEC_CAP_FRAME_THREADS,
.caps_internal = FF_CODEC_CAP_INIT_THREADSAFE | FF_CODEC_CAP_EXPORTS_CROPPING |
FF_CODEC_CAP_ALLOCATE_PROGRESS,
FF_CODEC_CAP_ALLOCATE_PROGRESS | FF_CODEC_CAP_INIT_CLEANUP,
.profiles = NULL_IF_CONFIG_SMALL(ff_hevc_profiles),
.hw_configs = (const AVCodecHWConfigInternal *const []) {
#if CONFIG_HEVC_DXVA2_HWACCEL
Expand Down

0 comments on commit 089706e

Please sign in to comment.