[FFmpeg-devel] [PATCH 1/3] avutil/hwcontext_vaapi: Abuse the AVBuffer API a bit less

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Mon Oct 4 17:32:56 EEST 2021

In this case there is no underlying data at all; the actual data
has been shoe-horned into the pointer, which does not point to any
storage owned by us. So use a size of zero as buffer pool size.

(This fixes segfaults if one uses vaapi with memory poisoning enabled;
but the memset call in pool_release_buffer() still receives an invalid
pointer, so it is still undefined behaviour.)

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
 libavutil/hwcontext_vaapi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavutil/hwcontext_vaapi.c b/libavutil/hwcontext_vaapi.c
index 83e542876d..3578d49da3 100644
--- a/libavutil/hwcontext_vaapi.c
+++ b/libavutil/hwcontext_vaapi.c
@@ -490,7 +490,7 @@ static AVBufferRef *vaapi_pool_alloc(void *opaque, size_t size)
     av_log(hwfc, AV_LOG_DEBUG, "Created surface %#x.\n", surface_id);
     ref = av_buffer_create((uint8_t*)(uintptr_t)surface_id,
-                           sizeof(surface_id), &vaapi_buffer_free,
+                           0, &vaapi_buffer_free,
                            hwfc, AV_BUFFER_FLAG_READONLY);
     if (!ref) {
         vaDestroySurfaces(hwctx->display, &surface_id, 1);
@@ -593,7 +593,7 @@ static int vaapi_frames_init(AVHWFramesContext *hwfc)
         hwfc->internal->pool_internal =
-            av_buffer_pool_init2(sizeof(VASurfaceID), hwfc,
+            av_buffer_pool_init2(0, hwfc,
                                  &vaapi_pool_alloc, NULL);
         if (!hwfc->internal->pool_internal) {
             av_log(hwfc, AV_LOG_ERROR, "Failed to create VAAPI surface pool.\n");

More information about the ffmpeg-devel mailing list