[FFmpeg-devel] [PATCH]Fix a crash on oom in hevc decoder

Ronald S. Bultje rsbultje at gmail.com
Thu Oct 31 20:15:43 CET 2013


Hi,

On Thu, Oct 31, 2013 at 3:09 PM, Michael Niedermayer <michaelni at gmx.at> wrote:

> On Thu, Oct 31, 2013 at 08:04:05PM +0100, Carl Eugen Hoyos wrote:
> > Hi!
> >
> > Attached patch fixes a crash on oom when decoding hevc.
> >
> > Please review, Carl Eugen
> >
> > ==13364== Invalid read of size 8
> > ==13364==    at 0xCAED14: av_freep (mem.c:230)
> > ==13364==    by 0x426782: hevc_decode_free (hevc.c:2600)
> > ==13364==    by 0x4269FE: hevc_init_context (hevc.c:2694)
> > ==13364==    by 0x426A82: hevc_decode_init (hevc.c:2832)
> > ==13364==    by 0xA31DFF: avcodec_open2 (utils.c:1413)
> > ==13364==    by 0x5D519A: avformat_find_stream_info (utils.c:2741)
> > ==13364==    by 0x4640C1: open_input_file (ffmpeg_opt.c:818)
> > ==13364==    by 0x462B43: open_files.isra.7 (ffmpeg_opt.c:2505)
> > ==13364==    by 0x469EE8: ffmpeg_parse_options (ffmpeg_opt.c:2542)
> > ==13364==    by 0x460707: main (ffmpeg.c:3422)
> > ==13364==  Address 0x2a4c8 is not stack'd, malloc'd or (recently) free'd
>
> >  hevc.c |    3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > abbf4c9ee1477fe6672c350856bf802b5e6eb55c  patchhevc.diff
> > diff --git a/libavcodec/hevc.c b/libavcodec/hevc.c
> > index 9528323..18fee33 100644
> > --- a/libavcodec/hevc.c
> > +++ b/libavcodec/hevc.c
> > @@ -2597,7 +2597,8 @@ static av_cold int hevc_decode_free(AVCodecContext
> *avctx)
> >
> >      pic_arrays_free(s);
> >
> > -    av_freep(&lc->edge_emu_buffer);
> > +    if (lc)
> > +        av_freep(&lc->edge_emu_buffer);
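
Review bot: The `if (lc)` guard in `hevc_decode_free` covers the one dereference valgrind flagged, but nothing at that line says why `lc` can be NULL. Per the trace, `hevc_init_context` (hevc.c:2694) calls `hevc_decode_free` on its failure path, so this free routine runs on a partially initialized context; a one-line comment above the guard stating that would keep it from being dropped later as redundant. Since only the `edge_emu_buffer` line is guarded in this hunk, it is also worth confirming that `pic_arrays_free(s)` just above it, and any later use of `lc` in the function, tolerate the same partially initialized state.
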
>
> should be ok


Is there still a need to allocate edge_emu_buffer on-the-fly like this?
With the separate dst_stride and src_stride, we should now be able to
allocate this in-struct in all newly written decoders (see vp8/vp9 as
examples)...

Ronald

