[FFmpeg-devel] [PATCH] avutil/hwcontext_dxva2: Don't improperly free IDirect3DSurface9 objects

Mark Thompson sw at jkqxz.net
Tue May 16 23:54:28 EEST 2017


On 16/05/17 13:04, Aaron Levinson wrote:
> Add dxva2_pool_release_dummy() and use it in call to
> av_buffer_create() in dxva2_pool_alloc().
> 
> Prior to this change, av_buffer_create() was called with NULL for the
> third argument, which indicates that av_buffer_default_free() should
> be used to free the buffer's data.  Eventually, it gets to
> buffer_pool_free() and calls buf->free() on a surface object (which is
> av_buffer_default_free()).
> 
> This can result in a crash when the debug version of the C-runtime is
> used on Windows.  While it doesn't appear to result in a crash when
> the release version of the C-runtime is used on Windows, it likely
> results in memory corruption, since av_free() is being called on
> memory that was allocated using
> IDirectXVideoAccelerationService::CreateSurface().
> 
> Signed-off-by: Aaron Levinson <alevinsn at aracnet.com>
> ---
>  libavutil/hwcontext_dxva2.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)

Applied.

Thanks for finding this - I'm rather surprised we haven't seen more serious problems because of it.

- Mark


More information about the ffmpeg-devel mailing list