From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 3920E43CF0 for ; Fri, 12 Dec 2025 04:02:06 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'TsOf1yCVCqNeu3GXdEQ/SX0xWbdx3tujTAMoCPPxBgo=', expected b'gPWFkk6UFnvJd+XB2mOs48BIA0xTsS8Wunh1NHOT7CQ=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1765512110; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=TsOf1yCVCqNeu3GXdEQ/SX0xWbdx3tujTAMoCPPxBgo=; b=ERjIoVl/mO9UQAW9Bd2vCgdmG+p7ALt0/rdb5GOQI5Xmr25qr1dTKTn/l0+XBoWlRy5JA LaOG4sHFGK2WzsVNG0O3R4YF3yoYgD+NwiPV1OyXMHqtRWoW2P5JjE6xs/V3hpnpwMHSVed OgsSI0bkAsPfp1ZyEtO1WYh3W3ca3pgL0vBrFHNfP0kAUl3Vy57oJ6p2mJu1jG0tKlvEVbI MWYStoYT4DyA796/CFQmJnmhtPekRiuQr78/0UioNLgQ0ePAEtDG+qBYpKhgr5PXEDfbJt6 RqfxZgxuD0YixOEj160rsEfC0+LrfcOjR4ddRO9gUJYLADgSF0gcKpu2/dOQ== Received: from [172.19.0.3] (unknown [172.19.0.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 2B40B69084A; Fri, 12 Dec 2025 06:01:50 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1765512094; b=nNlQ1Hz+Yz2OxtKf/n1qo3MigTbrr8MowGcOYout7FzpBXUx0p2f5uxRUl113AEez2W4s 8Opo6NmGdRWaL5VqL65y/FWxXGuWUb4psn9Z7hJHDb244gVWaZOuDRNtWLryPSQYXrtjlLh J1y8NyCPK95SjvK74Sz2U785q2wkzcmrMMYwa4QuP/zfuQUKHnqW+qOw8dMbg6LXW3xPGa7 lCpEr9jZL0JdLi/GRmfDSW5wAG2aD4yoidXqKfGQ3XoHn7qmlqtkZBzI7qfLeyGXO+xdzsS pky5Wy07w8IiMHUDuZwdanMYXc/uM7XeaMd06yNB9/+BpGTxd8bWx6mb5mPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1765512094; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=nYm9GBnTgNsP1GZzSf+OyhcLmzU4Vzsvix6eDgGM424=; b=dJv+oWg0O0A6b+p3l52JaL/Y6mBwecyU1lvhHhWeqoLxHSFO0NJTHwx+VCBY4+/qlHKsI EG5CbvW/I2pYUetRzvK6tp9wGOD04XuvxnpaYn9NjjK+HkGY9vrWZOpPuTfDMjMqBxrG/HW y2f0JCQiMtqqgdL604MmGF7p5b2+MT8RtW9x0Oo01ilACxSq9TFlv5VSmu07tYRBY3YcIY8 VCx/6BQpl06d5Ces+Ml7aIzCoTnDjklBTFhzUM4RuLUpF1dczRhg+LNYfenBQxQEleAEomR dihArT9p6u7cbSVlC3KR3Z8Xc7Nj83i3Ic0nv0pNFS8xO0sjwOuEvM0yiyDw== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1765512084; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=gPWFkk6UFnvJd+XB2mOs48BIA0xTsS8Wunh1NHOT7CQ=; b=tnfdqCxZ/ejtbzP8g9cySgcoHLgmpDNAm3dAwQ/uvbsSdEz8vrJgbNU8wQTtEklS9axp1 t0ymM550yhQdGeYNxmS0XGtlLMet5c6Ed0FFYn2KUkpL/ZmHYqnUsOz6lYgjVCkWK7wn4eQ 6lRHHSYJS4Gj18u5J0t/NNk6ap6VLSLRqfMB1TDnVb04omLOcHFMA6e882JbJeXNwvOKE4b CIGA0Nv+fAeSTYRrEJwx2idEXtVO6aqGtubZqfO5IScnwmsRQ2YyCA7vdWAcsbd24tWbe5P eUBv0hkJ2SkxIV8/W9Z539YVRQ0qBnW/EHA891N2pRiXs4cCS98CjGW/YsNA== Received: from 55ca25703178 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id B0FF2690428 for ; Fri, 12 Dec 2025 06:01:24 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Fri, 12 Dec 2025 04:01:24 -0000 Message-ID: <176551208490.39.6117111931075200546@2cb04c0e5124> Message-ID-Hash: RARSNWDNTYNBVNR24PSJIFND467MFTN6 X-Message-ID-Hash: RARSNWDNTYNBVNR24PSJIFND467MFTN6 X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PATCH] lavc/vulkan_video: fix double-free and leak (PR #21173) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: cgutman via ffmpeg-devel Cc: cgutman Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21173 opened by cgutman URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21173 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21173.patch I ran into this double-free when `ff_vk_alloc_mem()` failed in `ff_vk_video_common_init()` because the GPU was out of memory. In this case, `ff_vk_video_common_init()` calls `ff_vk_video_common_uninit()` in the `fail:` path which leaves dangling object handles in `FFVkVideoCommon`. Those get freed again when the destructor of `FFVulkanDecodeShared` calls `ff_vk_video_common_uninit()` a second time. I also included a simple leak fix that I found while investigating. This should be cherry-picked into `release/8.0` and `release/7.1`, but I can also create new PRs for that if necessary. >>From d72a59dbd3df829e06b5229cab93e3989cdba909 Mon Sep 17 00:00:00 2001 From: Cameron Gutman Date: Thu, 11 Dec 2025 17:39:16 -0600 Subject: [PATCH 1/2] lavc/vulkan_video: fix double-free if ff_vk_decode_init() fails ff_vk_video_common_init() calls ff_vk_video_common_uninit() on failure which leaves dangling object handles. Those get freed again when the destructor of FFVulkanDecodeShared calls ff_vk_video_common_uninit() again. Signed-off-by: Cameron Gutman --- libavcodec/vulkan_video.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/vulkan_video.c b/libavcodec/vulkan_video.c index 819940460f..66fc493ff1 100644 --- a/libavcodec/vulkan_video.c +++ b/libavcodec/vulkan_video.c @@ -349,17 +349,21 @@ av_cold void ff_vk_video_common_uninit(FFVulkanContext *s, av_freep(&common->mem); - if (common->layered_view) + if (common->layered_view) { vk->DestroyImageView(s->hwctx->act_dev, common->layered_view, s->hwctx->alloc); + common->layered_view = VK_NULL_HANDLE; + } av_frame_free(&common->layered_frame); av_buffer_unref(&common->dpb_hwfc_ref); - if (common->yuv_sampler) + if (common->yuv_sampler) { vk->DestroySamplerYcbcrConversion(s->hwctx->act_dev, common->yuv_sampler, s->hwctx->alloc); + common->yuv_sampler = VK_NULL_HANDLE; + } } av_cold int ff_vk_video_common_init(AVCodecContext *avctx, FFVulkanContext *s, -- 2.49.1 >>From cb01782b90bef5af569e3ff9940b9803f7033a8c Mon Sep 17 00:00:00 2001 From: Cameron Gutman Date: Thu, 11 Dec 2025 21:52:37 -0600 Subject: [PATCH 2/2] lavc/vulkan_video: fix leak on CreateVideoSessionKHR failure Signed-off-by: Cameron Gutman --- libavcodec/vulkan_video.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/vulkan_video.c b/libavcodec/vulkan_video.c index 66fc493ff1..d73479d14d 100644 --- a/libavcodec/vulkan_video.c +++ b/libavcodec/vulkan_video.c @@ -398,8 +398,10 @@ av_cold int ff_vk_video_common_init(AVCodecContext *avctx, FFVulkanContext *s, /* Create session */ ret = vk->CreateVideoSessionKHR(s->hwctx->act_dev, session_create, s->hwctx->alloc, &common->session); - if (ret != VK_SUCCESS) - return AVERROR_EXTERNAL; + if (ret != VK_SUCCESS) { + err = AVERROR_EXTERNAL; + goto fail; + } /* Get memory requirements */ ret = vk->GetVideoSessionMemoryRequirementsKHR(s->hwctx->act_dev, -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org