[FFmpeg-devel] [PATCH] avcodec/vp9_raw_reorder: cache input packets using new references

James Almer jamrial at gmail.com
Thu Mar 22 05:05:18 EET 2018


Input packets may not be ref counted, meaning the data described in them
may be gone at any time.

Fixes segfaults related to the above.

Signed-off-by: James Almer <jamrial at gmail.com>
---
 libavcodec/vp9_raw_reorder_bsf.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vp9_raw_reorder_bsf.c b/libavcodec/vp9_raw_reorder_bsf.c
index 01f3dad898..9c37e9891d 100644
--- a/libavcodec/vp9_raw_reorder_bsf.c
+++ b/libavcodec/vp9_raw_reorder_bsf.c
@@ -278,7 +278,7 @@ static int vp9_raw_reorder_filter(AVBSFContext *bsf, AVPacket *out)
 {
     VP9RawReorderContext *ctx = bsf->priv_data;
     VP9RawReorderFrame *frame;
-    AVPacket *in;
+    AVPacket *in = NULL;
     int err, s;
 
     if (ctx->next_frame) {
@@ -305,7 +305,12 @@ static int vp9_raw_reorder_filter(AVBSFContext *bsf, AVPacket *out)
             return AVERROR(ENOMEM);
         }
 
-        frame->packet   = in;
+        frame->packet = av_packet_clone(in);
+        if (!frame->packet) {
+            err = AVERROR(ENOMEM);
+            goto fail;
+        }
+
         frame->pts      = in->pts;
         frame->sequence = ++ctx->sequence;
         err = vp9_raw_reorder_frame_parse(bsf, frame);
@@ -348,8 +353,10 @@ static int vp9_raw_reorder_filter(AVBSFContext *bsf, AVPacket *out)
                 // Clear the slot anyway, so we don't end up
                 // in an infinite loop.
                 vp9_raw_reorder_clear_slot(ctx, s);
+                av_packet_free(&in);
                 return AVERROR_INVALIDDATA;
             }
+            av_packet_free(&in);
             return 0;
         }
         vp9_raw_reorder_clear_slot(ctx, s);
@@ -368,20 +375,24 @@ static int vp9_raw_reorder_filter(AVBSFContext *bsf, AVPacket *out)
             av_log(bsf, AV_LOG_ERROR, "Failed to create output "
                    "for transient frame.\n");
             ctx->next_frame = NULL;
+            av_packet_free(&in);
             return AVERROR_INVALIDDATA;
         }
         if (!frame->needs_display) {
             vp9_raw_reorder_frame_free(&frame);
             ctx->next_frame = NULL;
         }
+        av_packet_free(&in);
         return 0;
     }
 
     ctx->next_frame = NULL;
+    av_packet_free(&in);
     return AVERROR(EAGAIN);
 
 fail:
     vp9_raw_reorder_frame_free(&frame);
+    av_packet_free(&in);
     return err;
 }
 
-- 
2.16.2



More information about the ffmpeg-devel mailing list