* [FFmpeg-devel] [PATCH] Fix new Coverity issues (PR #20807)
@ 2025-10-31 19:06 James Almer via ffmpeg-devel
0 siblings, 0 replies; only message in thread
From: James Almer via ffmpeg-devel @ 2025-10-31 19:06 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: James Almer
PR #20807 opened by James Almer (jamrial)
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20807
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20807.patch
>From fc67642ae6ad13b9bebff3f354cc249be70c917a Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Fri, 31 Oct 2025 15:54:27 -0300
Subject: [PATCH 1/4] fftools/ffmpeg: make fg_create{_simple,} clear the input
string pointer
The graph string is either freed or attached to the filtergraph, so it's best to
not leave a dangling pointer with the caller.
Signed-off-by: James Almer <jamrial@gmail.com>
---
fftools/ffmpeg.h | 6 +++---
fftools/ffmpeg_demux.c | 2 +-
fftools/ffmpeg_filter.c | 14 ++++++++------
fftools/ffmpeg_mux_init.c | 2 +-
fftools/ffmpeg_opt.c | 2 +-
5 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/fftools/ffmpeg.h b/fftools/ffmpeg.h
index c866980251..cc2ea1a56e 100644
--- a/fftools/ffmpeg.h
+++ b/fftools/ffmpeg.h
@@ -811,7 +811,7 @@ int parse_and_set_vsync(const char *arg, enum VideoSyncMethod *vsync_var, int fi
int filtergraph_is_simple(const FilterGraph *fg);
int fg_create_simple(FilterGraph **pfg,
InputStream *ist,
- char *graph_desc,
+ char **graph_desc,
Scheduler *sch, unsigned sched_idx_enc,
const OutputFilterOptions *opts);
int fg_finalise_bindings(void);
@@ -834,10 +834,10 @@ int ofilter_bind_enc(OutputFilter *ofilter,
/**
* Create a new filtergraph in the global filtergraph list.
*
- * @param graph_desc Graph description; an av_malloc()ed string, filtergraph
+ * @param graph_desc Pointer to graph description; an av_malloc()ed string, filtergraph
* takes ownership of it.
*/
-int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch,
+int fg_create(FilterGraph **pfg, char **graph_desc, Scheduler *sch,
const OutputFilterOptions *opts);
void fg_free(FilterGraph **pfg);
diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c
index 6901f59dd0..29ef86b7c9 100644
--- a/fftools/ffmpeg_demux.c
+++ b/fftools/ffmpeg_demux.c
@@ -1705,7 +1705,7 @@ static int istg_parse_tile_grid(const OptionsContext *o, Demuxer *d, InputStream
return ret;
}
- ret = fg_create(NULL, graph_str, d->sch, &opts);
+ ret = fg_create(NULL, &graph_str, d->sch, &opts);
if (ret < 0)
return ret;
diff --git a/fftools/ffmpeg_filter.c b/fftools/ffmpeg_filter.c
index b0244fa774..9f962e6b8c 100644
--- a/fftools/ffmpeg_filter.c
+++ b/fftools/ffmpeg_filter.c
@@ -1085,7 +1085,7 @@ static const AVClass fg_class = {
.category = AV_CLASS_CATEGORY_FILTER,
};
-int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch,
+int fg_create(FilterGraph **pfg, char **graph_desc, Scheduler *sch,
const OutputFilterOptions *opts)
{
FilterGraphPriv *fgp;
@@ -1097,7 +1097,7 @@ int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch,
fgp = av_mallocz(sizeof(*fgp));
if (!fgp) {
- av_freep(&graph_desc);
+ av_freep(graph_desc);
return AVERROR(ENOMEM);
}
fg = &fgp->fg;
@@ -1108,7 +1108,7 @@ int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch,
} else {
ret = av_dynarray_add_nofree(&filtergraphs, &nb_filtergraphs, fgp);
if (ret < 0) {
- av_freep(&graph_desc);
+ av_freep(graph_desc);
av_freep(&fgp);
return ret;
}
@@ -1117,11 +1117,13 @@ int fg_create(FilterGraph **pfg, char *graph_desc, Scheduler *sch,
}
fg->class = &fg_class;
- fg->graph_desc = graph_desc;
+ fg->graph_desc = *graph_desc;
fgp->disable_conversions = !auto_conversion_filters;
fgp->nb_threads = -1;
fgp->sch = sch;
+ *graph_desc = NULL;
+
snprintf(fgp->log_name, sizeof(fgp->log_name), "fc#%d", fg->index);
fgp->frame = av_frame_alloc();
@@ -1245,7 +1247,7 @@ fail:
int fg_create_simple(FilterGraph **pfg,
InputStream *ist,
- char *graph_desc,
+ char **graph_desc,
Scheduler *sch, unsigned sched_idx_enc,
const OutputFilterOptions *opts)
{
@@ -1270,7 +1272,7 @@ int fg_create_simple(FilterGraph **pfg,
"to have exactly 1 input and 1 output. "
"However, it had %d input(s) and %d output(s). Please adjust, "
"or use a complex filtergraph (-filter_complex) instead.\n",
- graph_desc, fg->nb_inputs, fg->nb_outputs);
+ *graph_desc, fg->nb_inputs, fg->nb_outputs);
return AVERROR(EINVAL);
}
if (fg->outputs[0]->type != type) {
diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
index be1dbad479..bcbbee9126 100644
--- a/fftools/ffmpeg_mux_init.c
+++ b/fftools/ffmpeg_mux_init.c
@@ -1003,7 +1003,7 @@ ost_bind_filter(const Muxer *mux, MuxStream *ms, OutputFilter *ofilter,
ost->filter = ofilter;
ret = ofilter_bind_enc(ofilter, ms->sch_idx_enc, &opts);
} else {
- ret = fg_create_simple(&ost->fg_simple, ost->ist, filters,
+ ret = fg_create_simple(&ost->fg_simple, ost->ist, &filters,
mux->sch, ms->sch_idx_enc, &opts);
if (ret >= 0)
ost->filter = ost->fg_simple->outputs[0];
diff --git a/fftools/ffmpeg_opt.c b/fftools/ffmpeg_opt.c
index f51523d2e0..80bb9236af 100644
--- a/fftools/ffmpeg_opt.c
+++ b/fftools/ffmpeg_opt.c
@@ -1496,7 +1496,7 @@ int ffmpeg_parse_options(int argc, char **argv, Scheduler *sch)
/* create complex filtergraphs */
for (int i = 0; i < go.nb_filtergraphs; i++) {
- ret = fg_create(NULL, go.filtergraphs[i], sch, NULL);
+ ret = fg_create(NULL, &go.filtergraphs[i], sch, NULL);
go.filtergraphs[i] = NULL;
if (ret < 0)
goto fail;
--
2.49.1
>From 2037e2b15b84fc2b31c841f115eacaa0d0f09d6b Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Fri, 31 Oct 2025 15:56:40 -0300
Subject: [PATCH 2/4] fftools/ffmpeg_demux: fix potential memory leak when
creating tile grid filtergraphs
Fixes CID 1668266.
Signed-off-by: James Almer <jamrial@gmail.com>
---
fftools/ffmpeg_demux.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c
index 29ef86b7c9..cb79dd7611 100644
--- a/fftools/ffmpeg_demux.c
+++ b/fftools/ffmpeg_demux.c
@@ -1702,17 +1702,22 @@ static int istg_parse_tile_grid(const OptionsContext *o, Demuxer *d, InputStream
ret = av_packet_side_data_to_frame(&opts.side_data, &opts.nb_side_data, sd, 0);
if (ret < 0 && ret != AVERROR(EINVAL))
- return ret;
+ goto fail;
}
ret = fg_create(NULL, &graph_str, d->sch, &opts);
if (ret < 0)
- return ret;
+ goto fail;
istg->fg = filtergraphs[nb_filtergraphs-1];
istg->fg->is_internal = 1;
- return 0;
+ ret = 0;
+fail:
+ if (ret < 0)
+ av_freep(&graph_str);
+
+ return ret;
}
static int istg_add(const OptionsContext *o, Demuxer *d, AVStreamGroup *stg)
--
2.49.1
>From 402599354e29b17b7d6e49666180bbe603a9d871 Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Fri, 31 Oct 2025 15:59:18 -0300
Subject: [PATCH 3/4] fftools/ffmpeg_filter: check the side data descriptor
pointer is not NULL
Fixes CID 1668264.
Signed-off-by: James Almer <jamrial@gmail.com>
---
fftools/ffmpeg_filter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fftools/ffmpeg_filter.c b/fftools/ffmpeg_filter.c
index 9f962e6b8c..a770804862 100644
--- a/fftools/ffmpeg_filter.c
+++ b/fftools/ffmpeg_filter.c
@@ -2266,7 +2266,7 @@ static int ifilter_parameters_from_frame(InputFilter *ifilter, const AVFrame *fr
for (int i = 0; i < frame->nb_side_data; i++) {
const AVSideDataDescriptor *desc = av_frame_side_data_desc(frame->side_data[i]->type);
- if (!(desc->props & AV_SIDE_DATA_PROP_GLOBAL) ||
+ if (!desc || !(desc->props & AV_SIDE_DATA_PROP_GLOBAL) ||
frame->side_data[i]->type == AV_FRAME_DATA_DISPLAYMATRIX)
continue;
--
2.49.1
>From 858b53bb82afe70863ed33d7cfbc73822b49ff69 Mon Sep 17 00:00:00 2001
From: James Almer <jamrial@gmail.com>
Date: Fri, 31 Oct 2025 16:05:02 -0300
Subject: [PATCH 4/4] avutil/csp: check the for NULL pointer in
av_csp_primaries_desc_from_id
Fixes CID 1668265.
Signed-off-by: James Almer <jamrial@gmail.com>
---
libavutil/csp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavutil/csp.c b/libavutil/csp.c
index c8ecddc110..2ab4fee9dd 100644
--- a/libavutil/csp.c
+++ b/libavutil/csp.c
@@ -100,7 +100,7 @@ const AVColorPrimariesDesc *av_csp_primaries_desc_from_id(enum AVColorPrimaries
else if (((unsigned)prm >= AVCOL_PRI_EXT_BASE) &&
((unsigned)prm < AVCOL_PRI_EXT_NB))
p = &color_primaries_ext[prm - AVCOL_PRI_EXT_BASE];
- if (!p->prim.r.x.num)
+ if (p && !p->prim.r.x.num)
return NULL;
return p;
}
--
2.49.1
_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-10-31 19:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-10-31 19:06 [FFmpeg-devel] [PATCH] Fix new Coverity issues (PR #20807) James Almer via ffmpeg-devel
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git