[FFmpeg-cvslog] avcodec/hevcdec: dynamic allocate sList and HEVClcList
Nuo Mi
git at videolan.org
Thu Dec 10 11:11:26 EET 2020
ffmpeg | branch: master | Nuo Mi <nuomi2021 at gmail.com> | Sun Nov 29 23:30:10 2020 +0800| [d4751d8c630983e6343c3100debb5de80be50ac3] | committer: Anton Khirnov
avcodec/hevcdec: dynamic allocate sList and HEVClcList
The following command line crashes ffmpeg:
ffmpeg -threads 17 -thread_type slice -i WPP_A_ericsson_MAIN_2.bit out.yuv -y
HEVCContext->sList has MAX_NB_THREADS (16) entries, so any thread count above 16 crashes the application.
Signed-off-by: Anton Khirnov <anton at khirnov.net>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d4751d8c630983e6343c3100debb5de80be50ac3
---
libavcodec/hevcdec.c | 26 +++++++++++++++-----------
libavcodec/hevcdec.h | 5 ++---
2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/libavcodec/hevcdec.c b/libavcodec/hevcdec.c
index b2e196b294..be814bba80 100644
--- a/libavcodec/hevcdec.c
+++ b/libavcodec/hevcdec.c
@@ -3427,6 +3427,8 @@ static av_cold int hevc_decode_free(AVCodecContext *avctx)
if (s->HEVClc == s->HEVClcList[0])
s->HEVClc = NULL;
av_freep(&s->HEVClcList[0]);
+ av_freep(&s->HEVClcList);
+ av_freep(&s->sList);
ff_h2645_packet_uninit(&s->pkt);
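Review bot: `s->HEVClcList[0]` is read unconditionally on the two context lines above the added frees, but after this change `HEVClcList` is a heap pointer that can be NULL. The `hevc_init_context` hunk jumps to `fail` when either list allocation fails; if that path ends up in this function (the label is outside the hunks), the dereference happens on a NULL list. Guarding the block with `if (s->HEVClcList)` and releasing the local context directly with `av_freep(&s->HEVClc);` would cover the failed-allocation case and avoid leaking the context when only the list allocation failed. The function body starts and ends outside the hunk, so any per-thread loop over `sList[i]` / `HEVClcList[i]` elsewhere in it needs the same guard.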
@@ -3443,7 +3445,9 @@ static av_cold int hevc_init_context(AVCodecContext *avctx)
s->avctx = avctx;
s->HEVClc = av_mallocz(sizeof(HEVCLocalContext));
- if (!s->HEVClc)
+ s->HEVClcList = av_mallocz(sizeof(HEVCLocalContext*) * s->threads_number);
+ s->sList = av_mallocz(sizeof(HEVCContext*) * s->threads_number);
+ if (!s->HEVClc || !s->HEVClcList || !s->sList)
goto fail;
s->HEVClcList[0] = s->HEVClc;
s->sList[0] = s;
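Review bot: Both list sizes are computed by hand as `sizeof(T*) * s->threads_number`, with no check that the count is at least 1, while the next two lines store into element 0 unconditionally. A zero count may still give a non-NULL buffer that is too small for one pointer, so the `!s->HEVClcList` test would not catch it. Rejecting `s->threads_number < 1` before allocating would close that gap. Using the counted allocator, `s->HEVClcList = av_calloc(s->threads_number, sizeof(*s->HEVClcList));` and likewise for `sList`, makes the multiplication overflow-checked and ties the element size to the pointer. The rest of `hevc_init_context`, including the `fail` label, is outside the hunk.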
@@ -3594,6 +3598,16 @@ static av_cold int hevc_decode_init(AVCodecContext *avctx)
HEVCContext *s = avctx->priv_data;
int ret;
+ if(avctx->active_thread_type & FF_THREAD_SLICE)
+ s->threads_number = avctx->thread_count;
+ else
+ s->threads_number = 1;
+
+ if((avctx->active_thread_type & FF_THREAD_FRAME) && avctx->thread_count > 1)
+ s->threads_type = FF_THREAD_FRAME;
+ else
+ s->threads_type = FF_THREAD_SLICE;
+
ret = hevc_init_context(avctx);
if (ret < 0)
return ret;
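Review bot: `s->threads_number = avctx->thread_count;` now sets the length of two heap arrays, so it needs a range check, and the requirement that it run before `hevc_init_context()` should be written down. The field's declaration is not in this diff. If it is a narrow type like the neighbouring `uint8_t threads_type`, a thread count above 255 would be truncated and the arrays sized from the truncated value, so either widen the field or clamp the count here. A comment such as `/* must precede hevc_init_context(): sizes sList and HEVClcList */` above the moved block would keep a later reorder from reintroducing the crash. The moved lines also keep `if(` without a space, where the surrounding code uses `if (`.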
@@ -3604,11 +3618,6 @@ static av_cold int hevc_decode_init(AVCodecContext *avctx)
atomic_init(&s->wpp_err, 0);
- if(avctx->active_thread_type & FF_THREAD_SLICE)
- s->threads_number = avctx->thread_count;
- else
- s->threads_number = 1;
-
if (!avctx->internal->is_copy) {
if (avctx->extradata_size > 0 && avctx->extradata) {
ret = hevc_decode_extradata(s, avctx->extradata, avctx->extradata_size, 1);
@@ -3619,11 +3628,6 @@ static av_cold int hevc_decode_init(AVCodecContext *avctx)
}
}
- if((avctx->active_thread_type & FF_THREAD_FRAME) && avctx->thread_count > 1)
- s->threads_type = FF_THREAD_FRAME;
- else
- s->threads_type = FF_THREAD_SLICE;
-
return 0;
}
diff --git a/libavcodec/hevcdec.h b/libavcodec/hevcdec.h
index 39c5c7f89f..c0a138e97a 100644
--- a/libavcodec/hevcdec.h
+++ b/libavcodec/hevcdec.h
@@ -42,7 +42,6 @@
#include "thread.h"
#include "videodsp.h"
-#define MAX_NB_THREADS 16
#define SHIFT_CTB_WPP 2
//TODO: check if this is really the maximum
@@ -468,9 +467,9 @@ typedef struct HEVCContext {
const AVClass *c; // needed by private avoptions
AVCodecContext *avctx;
- struct HEVCContext *sList[MAX_NB_THREADS];
+ struct HEVCContext **sList;
- HEVCLocalContext *HEVClcList[MAX_NB_THREADS];
+ HEVCLocalContext **HEVClcList;
HEVCLocalContext *HEVClc;
uint8_t threads_type;
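Review bot: The two pointer fields no longer carry their length in the type, so the struct should say where that length lives. I would add `struct HEVCContext **sList; ///< threads_number entries, allocated in hevc_init_context()` and the same trailing comment on `HEVClcList`. With `MAX_NB_THREADS` removed there is no upper bound left in the header. Any code that indexes these lists by something other than `threads_number` needs checking against the allocated length; none is visible in this diff.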