[FFmpeg-devel] [PATCH] lavc/videotoolboxenc: Fix crash by uninitialized value
Thilo Borgmann
thilo.borgmann at mail.de
Wed Sep 21 14:41:23 EEST 2022
Am 15.09.22 um 20:42 schrieb Thilo Borgmann:
> If create_cv_pixel_buffer() fails, pixel_buffer_info might get into CFRelease() containing an arbitrary value.
> ---
> libavcodec/videotoolboxenc.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/libavcodec/videotoolboxenc.c b/libavcodec/videotoolboxenc.c
> index bb3065d1d5..dc9e321d3d 100644
> --- a/libavcodec/videotoolboxenc.c
> +++ b/libavcodec/videotoolboxenc.c
> @@ -1440,7 +1440,7 @@ static int vtenc_create_encoder(AVCodecContext *avctx,
> static int vtenc_configure_encoder(AVCodecContext *avctx)
> {
> CFMutableDictionaryRef enc_info;
> - CFMutableDictionaryRef pixel_buffer_info;
> + CFMutableDictionaryRef pixel_buffer_info = NULL;
> CMVideoCodecType codec_type;
> VTEncContext *vtctx = avctx->priv_data;
> CFStringRef profile_level = NULL;
> @@ -1517,8 +1517,6 @@ static int vtenc_configure_encoder(AVCodecContext *avctx)
> status = create_cv_pixel_buffer_info(avctx, &pixel_buffer_info);
> if (status)
> goto init_cleanup;
> - } else {
> - pixel_buffer_info = NULL;
> }
>
> vtctx->dts_delta = vtctx->has_b_frames ? -1 : 0;
LGTM's by ePirat on IRC. Pushed.
Thanks,
Thilo
More information about the ffmpeg-devel
mailing list