[pull] master from FFmpeg:master#695
Merged
pull[bot] merged 7 commits intoMu-L:masterfrom Feb 19, 2021
Merged
Conversation
This patch also fixes a -Wtautological-constant-out-of-range-compare warning from Clang and a -Wtype-limits warning from GCC on systems where size_t is 64bits and unsigned 32bits. The reason for this seems to be that variable (whose value derives from sizeof() and can therefore be known at compile-time) is used instead of using sizeof() directly in the comparison. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
The MPEG-PS muxer uses a custom queue of custom packets. To keep track of it, it has a pointer (named predecode_packet) to the head of the queue and a pointer to where the next packet is to be added (it points to the next-pointer of the last element of the queue); furthermore, there is also a pointer that points into the queue (called premux_packet). The exact behaviour was as follows: If premux_packet was NULL when a packet is received, it is taken to mean that the old queue is empty and a new queue is started. premux_packet will point to the head of said queue and the next_packet-pointer points to its next pointer. If predecode_packet is NULL, it will also made to point to the newly allocated element. But if premux_packet is NULL and predecode_packet is not, then there will be two queues with head elements premux_packet and predecode_packet. Yet only elements reachable from predecode_packet are ever freed, so the premux_packet queue leaks. Worse yet, when the predecode_packet queue will be eventually exhausted, predecode_packet will be made to point into the other queue and when predecode_packet will be freed, the next pointer of the preceding element of the queue will still point to the element just freed. This element might very well be still reachable from premux_packet which leads to use-after-frees lateron. This happened in the tickets mentioned below. Fix this by never creating two queues in the first place by checking for predecode_packet to know whether the queue is empty. If premux_packet is NULL, then it is set to the newly allocated element of the queue. Fixes tickets #6887, #8188 and #8266. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Do this by moving the check before the allocation. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Inside a function a superfluous ';' is just a null-statement; yet outside it is invalid, even though compilers happen to accept them. They (at least GCC and Clang) only warn about this when on -pedantic. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )