[FFmpeg-devel] [PATCH 2/2] libavdevice/avfoundation.m: fix potential unreleased lock issue
Chengfeng Ye
cyeaa at connect.ust.hk
Thu Aug 26 17:40:46 EEST 2021
The problem here is that the lock ctx->frame_lock will become
an unreleased lock if the program returns at patched lines.
Depends-on: series-0001
Cc: cyeaa at connect.ust.hk
Bug tracker link: https://trac.ffmpeg.org/ticket/9386\#ticket
Signed-off-by: Chengfeng Ye <cyeaa at connect.ust.hk>
---
libavdevice/avfoundation.m | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/libavdevice/avfoundation.m b/libavdevice/avfoundation.m
index 8ce3d064c5..0cd6e646d5 100644
--- a/libavdevice/avfoundation.m
+++ b/libavdevice/avfoundation.m
@@ -1067,10 +1067,12 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
} else if (block_buffer != nil) {
length = (int)CMBlockBufferGetDataLength(block_buffer);
} else {
+ unlock_frames(ctx);
return AVERROR(EINVAL);
}
if (av_new_packet(pkt, length) < 0) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
@@ -1097,21 +1099,26 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
CFRelease(ctx->current_frame);
ctx->current_frame = nil;
- if (status < 0)
+ if (status < 0) {
+ unlock_frames(ctx);
return status;
+ }
} else if (ctx->current_audio_frame != nil) {
CMBlockBufferRef block_buffer = CMSampleBufferGetDataBuffer(ctx->current_audio_frame);
int block_buffer_size = CMBlockBufferGetDataLength(block_buffer);
if (!block_buffer || !block_buffer_size) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
if (ctx->audio_non_interleaved && block_buffer_size > ctx->audio_buffer_size) {
+ unlock_frames(ctx);
return AVERROR_BUFFER_TOO_SMALL;
}
if (av_new_packet(pkt, block_buffer_size) < 0) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
@@ -1131,6 +1138,7 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
OSStatus ret = CMBlockBufferCopyDataBytes(block_buffer, 0, pkt->size, ctx->audio_buffer);
if (ret != kCMBlockBufferNoErr) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
@@ -1142,7 +1150,11 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
int##bps##_t **src; \
int##bps##_t *dest; \
src = av_malloc(ctx->audio_channels * sizeof(int##bps##_t*)); \
- if (!src) return AVERROR(EIO); \
+ if (!src) { \
+ unlock_frames(ctx); \
+ return AVERROR(EIO); \
+ } \
+ \
for (c = 0; c < ctx->audio_channels; c++) { \
src[c] = ((int##bps##_t*)ctx->audio_buffer) + c * num_samples; \
} \
@@ -1162,6 +1174,7 @@ static int avf_read_packet(AVFormatContext *s, AVPacket *pkt)
} else {
OSStatus ret = CMBlockBufferCopyDataBytes(block_buffer, 0, pkt->size, pkt->data);
if (ret != kCMBlockBufferNoErr) {
+ unlock_frames(ctx);
return AVERROR(EIO);
}
}
--
2.17.1
More information about the ffmpeg-devel
mailing list