[FFmpeg-devel] [PATCH] lavc/videotoolboxenc: Fix crash by uninitialized value

Thilo Borgmann thilo.borgmann at mail.de
Thu Sep 15 21:42:58 EEST 2022


If create_cv_pixel_buffer() fails, pixel_buffer_info might get into CFRelease() containing an arbitrary value.
---
 libavcodec/videotoolboxenc.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/libavcodec/videotoolboxenc.c b/libavcodec/videotoolboxenc.c
index bb3065d1d5..dc9e321d3d 100644
--- a/libavcodec/videotoolboxenc.c
+++ b/libavcodec/videotoolboxenc.c
@@ -1440,7 +1440,7 @@ static int vtenc_create_encoder(AVCodecContext   *avctx,
 static int vtenc_configure_encoder(AVCodecContext *avctx)
 {
     CFMutableDictionaryRef enc_info;
-    CFMutableDictionaryRef pixel_buffer_info;
+    CFMutableDictionaryRef pixel_buffer_info = NULL;
     CMVideoCodecType       codec_type;
     VTEncContext           *vtctx = avctx->priv_data;
     CFStringRef            profile_level = NULL;
@@ -1517,8 +1517,6 @@ static int vtenc_configure_encoder(AVCodecContext *avctx)
         status = create_cv_pixel_buffer_info(avctx, &pixel_buffer_info);
         if (status)
             goto init_cleanup;
-    } else {
-        pixel_buffer_info = NULL;
     }
 
     vtctx->dts_delta = vtctx->has_b_frames ? -1 : 0;
-- 
2.20.1 (Apple Git-117)



More information about the ffmpeg-devel mailing list