From: Frank Plowman
To: ffmpeg-devel@ffmpeg.org
Cc: Frank Plowman, nuomi2021@gmail.com
Date: Sat, 8 Feb 2025 21:42:56 +0000
Message-ID: <20250208214312.19124-1-post@frankplowman.com>
Subject: [FFmpeg-devel] [PATCH] lavc/vvc: Set fc->ref to NULL at top of decode_nal_units

In the fail: block of decode_nal_units, a check as to whether fc->ref is nonzero is used. Before this patch, fc->ref was set to NULL in frame_context_setup. The issue is that, by the time frame_context_setup is called, fallible functions (namely slices_realloc and ff_vvc_decode_frame_ps) have already been called. Therefore, there could arise a situation in which the fc->ref test of decode_nal_units' fail: block is performed while fc->ref has an invalid value. This seems to be particularly prevalent in situations where the FrameContexts are being reused.

The patch resolves the issue by moving the assignment of fc->ref to NULL to the very top of decode_nal_units, before any fallible functions are called.

Signed-off-by: Frank Plowman

--- libavcodec/vvc/dec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavcodec/vvc/dec.c b/libavcodec/vvc/dec.c index 51dd60ae92..572e904301 100644 --- a/libavcodec/vvc/dec.c +++ b/libavcodec/vvc/dec.c
@@ -671,8 +671,6 @@ static int frame_context_setup(VVCFrameContext *fc, VVCContext *s) { int ret; - fc->ref = NULL; - // copy refs from the last frame if (s->nb_frames && s->nb_fcs > 1) { VVCFrameContext *prev = get_frame_context(s, fc, -1); @@ -927,6 +925,7 @@ static int decode_nal_units(VVCContext *s, VVCFrameContext *fc, AVPacket *avpkt) int ret = 0; s->last_eos = s->eos; s->eos = 0; + fc->ref = NULL; ff_cbs_fragment_reset(frame); ret = ff_cbs_read_packet(s->cbc, frame, avpkt); -- 2.47.0
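Review bot: in the frame_context_setup hunk, dropping `fc->ref = NULL;` leaves the function dependent on its caller having already cleared fc->ref, and nothing in the hunk records that precondition. If frame_context_setup can be reached from anywhere other than decode_nal_units, that path would now start from whatever pointer a reused VVCFrameContext still holds. Please confirm decode_nal_units is the only caller and state the requirement in a comment above frame_context_setup.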
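Review bot: in the decode_nal_units hunk, the added `fc->ref = NULL;` sits among the eos bookkeeping with no comment explaining that the fail: block tests fc->ref, so the reset has to come before the calls that follow, such as ff_cbs_read_packet in the context lines. A one-line comment saying so would keep a later cleanup from moving the assignment back into frame_context_setup and reintroducing the stale-pointer check the commit message describes.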