From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id E37704DB1D for ; Fri, 30 Jan 2026 10:34:12 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'XtMy+/1S+qoYlqzoLpW3N4GPIIGbPAFrVcEMygQzdHQ=', expected b'Y47+NdDB4zovZEijCadPIviqpZXZ8+xjD4PWcHK7Ay4=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1769769235; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=XtMy+/1S+qoYlqzoLpW3N4GPIIGbPAFrVcEMygQzdHQ=; b=sScPrC4vT2vuTY6xM0sVjmJ/cTTiVNeWCIi3eMq4XnlfLOxF/JA9AhXH2pg94ffm0ORBa uW0DJ6xMuG3dyNApJNMMcOmb2CKo51DdGeAgdkk+61J6MzDj8CO49as0FAnwKJkPmf0FkzS wDTm7y4slaQuZqKOfYKKe3g4eaJ/QxQxlluCHfmYvyikaKBXyUiCekEzJfajXNmtxGpuHDb CosVwMXNis5GqTXPzQ7VLQ7BmtlbWnmCNIomm6NX5JLgw7TQ6yqls4C4gg0R6hEINGCqwzw J+LlbQbozbkvqk/jxf7+XsPtn0EOuiOFw5EWdfhNbfZDjTB1wKDOs7sqavBw== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id C040C690FB4; Fri, 30 Jan 2026 12:33:55 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1769769219; b=knBYI4utQSU/sb6ErWwAOeLp3jtujsRDCA5Cqb7YIsP8yDLDVxJoU/iS53+lI6W8lCL0I B99fDqw6zooh0mTP6yH1yG4Zq910LPpdTfDwFIh+9s5NruQV82VcyOkur73vVtaPw4uqiUA uYsgZQPfrUw7XAvyoFRnxut5jeRzdCKAsYiA3/r3CaJmz9p31W7PCCYbjvvnNnsPeswxm7A Bpj7CTY3PIuY2cPvyLmBygSLKWzaI6M3RUrkuEzuxZ1Ir+whPydi1m0SePfIayZPryXitsN l6w8W42/oCh3islJzHgHut9Q7iRzFIp0MkjHnN+5D73x2yFmTrjXjNw9blOA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1769769219; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=ZE/pPsY9agZUgv/njxaIXUiMLk3wFZCLO3OO7WOsJ0k=; b=InlqTjXgeAcfqmBKxx1Uc+X0PaP0nXg8tCh4QU6zlaHX9Z50qE8rbU6N5z46/avyQ/RKJ JQj9LtOlkI+4WnBRKhdGUBbl2bLpRlHm1RATQnaUmMGJBKYzKsYeENffTHd6tk8OO4vzA70 HZppps1wDWLMEG1A4rxovVNRYnE53EWa/27dcOa+yE3Z+vy8wUSR86PsC1YXf4ThVq/gupk fKx6o+VAH3je167go2ldUWA7LdF8tSl8WR7pxmVnfCKK29JZ49It7OCqeog4UihI8sOicO0 H9uDC7oa85H/A5RuzP63KpVh4Xb0aJByEkbq5Q97ZhhZZUJvyvBd439iG22Q== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1769769210; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=Y47+NdDB4zovZEijCadPIviqpZXZ8+xjD4PWcHK7Ay4=; b=LdJNAkFeNVWfnf6BCzpl+K6CV5sZtZEtMWplhJ+mIQeu+acD4mYf18DhFFY/UnRUhwaUo L0DmG3Gb1jwhf04FCtnj+H1jmsRmZkxreelZ9upBVScSg+Uw3Bw0srbnLq3uAwcVXFCbrOK AIKTZXwEec4q2tELq8XB8Juqg4duUeGiZxKhOh9aKGKzq0a/ZL4Z2IfHZ3WqMb9bw6vS0sw M4vwXw332c2lN96pgSf1YMy4u2QLBuV4ukANg5umM1vUwVe6RKhzkbQgHsyvYdgXvfKCPzw NzsSQJTRHTaAfuAQT67GUodIyU4W+AybiOL0vKY39dhoLtsFN/hSN65aHhvA== Received: from c8d966988b92 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 5C42E690EFB for ; Fri, 30 Jan 2026 12:33:30 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Fri, 30 Jan 2026 10:33:30 -0000 Message-ID: <176976921054.25.17365161649991894446@4457048688e7> Message-ID-Hash: 7YGKIEZUCTPOF6JNWVOS367233SKB2FH X-Message-ID-Hash: 7YGKIEZUCTPOF6JNWVOS367233SKB2FH X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PR] avformat/cafenc: Fix segfault upon error, avoid indirection (PR #21608) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: mkver via ffmpeg-devel Cc: mkver Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21608 opened by mkver URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21608 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21608.patch caf_write_deinit() would segfault if the CAFStreamContext couldn't be allocated. Fix this by moving everything from CAFStreamContext to the ordinary CAFContext; the separation doesn't make sense for a format with only one stream anyway and removing it also avoids an indirection. >>From 4367c055b6b253e97be603b0d1e58ce841abd1b8 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Fri, 30 Jan 2026 11:30:30 +0100 Subject: [PATCH] avformat/cafenc: Fix segfault upon error, avoid indirection caf_write_deinit() would segfault if the CAFStreamContext couldn't be allocated. Fix this by moving everything from CAFStreamContext to the ordinary CAFContext; the separation doesn't make sense for a format with only one stream anyway and removing it also avoids an indirection. Signed-off-by: Andreas Rheinhardt --- libavformat/cafenc.c | 50 ++++++++++++++++++-------------------------- 1 file changed, 20 insertions(+), 30 deletions(-) diff --git a/libavformat/cafenc.c b/libavformat/cafenc.c index 5bee5f74bb..3a3493717d 100644 --- a/libavformat/cafenc.c +++ b/libavformat/cafenc.c @@ -35,14 +35,12 @@ typedef struct { int64_t total_duration; int64_t packets; uint32_t frame_size; -} CAFContext; -typedef struct { uint32_t *byte_size_buffer; uint32_t *frame_size_buffer; unsigned byte_size_buffer_sz; unsigned frame_size_buffer_sz; -} CAFStreamContext; +} CAFContext; static uint32_t codec_flags(enum AVCodecID codec_id) { switch (codec_id) { @@ -118,7 +116,6 @@ static uint32_t samples_per_packet(const AVCodecParameters *par) { static int caf_write_init(struct AVFormatContext *s) { - AVStream *const st = s->streams[0]; AVCodecParameters *par = s->streams[0]->codecpar; unsigned int codec_tag = ff_codec_get_tag(ff_codec_caf_tags, par->codec_id); @@ -138,10 +135,6 @@ static int caf_write_init(struct AVFormatContext *s) return AVERROR_INVALIDDATA; } - st->priv_data = av_mallocz(sizeof(CAFStreamContext)); - if (!st->priv_data) - return AVERROR(ENOMEM); - // if either block_align or frame_size are 0, we need to check that the output // is seekable. Postpone reporting init as complete until caf_write_header() if (!par->block_align || !par->frame_size) @@ -248,33 +241,32 @@ static int caf_write_packet(AVFormatContext *s, AVPacket *pkt) AVStream *const st = s->streams[0]; if (!st->codecpar->block_align || !caf->frame_size) { - CAFStreamContext *caf_st = st->priv_data; void *pkt_sizes; unsigned alloc_size = caf->packets + 1; if (!st->codecpar->block_align) { - if (UINT_MAX / sizeof(*caf_st->byte_size_buffer) < alloc_size) + if (UINT_MAX / sizeof(*caf->byte_size_buffer) < alloc_size) return AVERROR(ERANGE); - pkt_sizes = av_fast_realloc(caf_st->byte_size_buffer, - &caf_st->byte_size_buffer_sz, - alloc_size * sizeof(*caf_st->byte_size_buffer)); + pkt_sizes = av_fast_realloc(caf->byte_size_buffer, + &caf->byte_size_buffer_sz, + alloc_size * sizeof(*caf->byte_size_buffer)); if (!pkt_sizes) return AVERROR(ENOMEM); - caf_st->byte_size_buffer = pkt_sizes; - caf_st->byte_size_buffer[caf->packets] = pkt->size; + caf->byte_size_buffer = pkt_sizes; + caf->byte_size_buffer[caf->packets] = pkt->size; } if (!caf->frame_size) { - if (UINT_MAX / sizeof(*caf_st->frame_size_buffer) < alloc_size) + if (UINT_MAX / sizeof(*caf->frame_size_buffer) < alloc_size) return AVERROR(ERANGE); - pkt_sizes = av_fast_realloc(caf_st->frame_size_buffer, - &caf_st->frame_size_buffer_sz, - alloc_size * sizeof(*caf_st->frame_size_buffer)); + pkt_sizes = av_fast_realloc(caf->frame_size_buffer, + &caf->frame_size_buffer_sz, + alloc_size * sizeof(*caf->frame_size_buffer)); if (!pkt_sizes) return AVERROR(ENOMEM); - caf_st->frame_size_buffer = pkt_sizes; - caf_st->frame_size_buffer[caf->packets] = pkt->duration; + caf->frame_size_buffer = pkt_sizes; + caf->frame_size_buffer[caf->packets] = pkt->duration; } } caf->packets++; @@ -289,7 +281,6 @@ static int caf_write_trailer(AVFormatContext *s) CAFContext *caf = s->priv_data; AVIOContext *pb = s->pb; AVStream *st = s->streams[0]; - CAFStreamContext *caf_st = st->priv_data; AVCodecParameters *par = st->codecpar; if (pb->seekable & AVIO_SEEKABLE_NORMAL) { @@ -318,24 +309,24 @@ static int caf_write_trailer(AVFormatContext *s) for (int i = 0; i < packets; i++) { if (!par->block_align) { for (int j = 4; j > 0; j--) { - unsigned top = caf_st->byte_size_buffer[i] >> j * 7; + unsigned top = caf->byte_size_buffer[i] >> j * 7; if (top) { avio_w8(pb, 128 | top); size++; } } - avio_w8(pb, caf_st->byte_size_buffer[i] & 127); + avio_w8(pb, caf->byte_size_buffer[i] & 127); size++; } if (!caf->frame_size) { for (int j = 4; j > 0; j--) { - unsigned top = caf_st->frame_size_buffer[i] >> j * 7; + unsigned top = caf->frame_size_buffer[i] >> j * 7; if (top) { avio_w8(pb, 128 | top); size++; } } - avio_w8(pb, caf_st->frame_size_buffer[i] & 127); + avio_w8(pb, caf->frame_size_buffer[i] & 127); size++; } } @@ -352,11 +343,10 @@ static int caf_write_trailer(AVFormatContext *s) static void caf_write_deinit(AVFormatContext *s) { - AVStream *st = s->streams[0]; - CAFStreamContext *caf_st = st->priv_data; + CAFContext *caf = s->priv_data; - av_freep(&caf_st->byte_size_buffer); - av_freep(&caf_st->frame_size_buffer); + av_freep(&caf->byte_size_buffer); + av_freep(&caf->frame_size_buffer); } const FFOutputFormat ff_caf_muxer = { -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org