From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 58CBA4A541 for ; Wed, 1 May 2024 14:54:17 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6A60468D6B2; Wed, 1 May 2024 17:54:14 +0300 (EEST) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8874D68D660 for ; Wed, 1 May 2024 17:54:07 +0300 (EEST) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-1ec41d82b8bso18250245ad.2 for ; Wed, 01 May 2024 07:54:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1714575245; x=1715180045; darn=ffmpeg.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id:from :to:cc:subject:date:message-id:reply-to; bh=+A+WBOFThwo5CG88zNVEu0BvoERjXsrCQE4NdA4Kdj8=; b=F9dWzVUBNqolsdg+gd+Xy1vEu2vQ3xiFVbEj3fxjVLUeD+5/lQEcigcDvgps6D1f+V 6fwl0Ym0gUSz/DkaIIsoemeb1NVTzB19xULV/uCuXhgJIh4PjuXv/OWMwU1vLFTbJq4k e+sg6YbM4wyPeEzLENDUoTCuB50X6Fgu+zfPxmNlpiviTErmWVKBhFKmfWEccAdQcgws y8NgZV33QIvnikba5lTNJZLhYHb+l2k2hRK3Q1m5ZbcpA24qZ864SADbBaXIlQUf5VqW JfUeC5T3qMYhlyOro50J3dCscRC0W5ECt8LLxvBJrBpjnjRK2BfHZ/DGid+ysLmHB9Y+ xh4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1714575245; x=1715180045; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+A+WBOFThwo5CG88zNVEu0BvoERjXsrCQE4NdA4Kdj8=; b=u21g6tnDxm2+pFwbmdj2ASjsUGzjdf2SjXT+AxBfg0p/8mF78VG6uYkMUj174yz4kV DUbcIM5uu76o/OVL5vUW6J0+4mbhcerqBfJH0vZ0FNbebxU52d6eJsjAn7dCJe/8l+Yv qp6RQoNmvJOEuajkyREis8NYcd6qn3gp11RpGXmV8iE95diBMA/JNLuzI/69ARLRyZKq yoPXMnMXSjZkroeD2o3Ffad0zHPgvIFOar9hKQ9XL5FSdNcqFrjnlclAUJ0FlWpsvYN3 JRxiR8CxArLFQ/Z0tnx0wx6jDn9UkNF9eCw3q4RYvNqbXX5QK9MWhX2HxKgaNdILDw0S HVWQ== X-Gm-Message-State: AOJu0YzO2SBy1znhZfw2iVGcJIxyoAQGxR2nXEb4ojevdGRGRjYK4tuY ifkLY1yEcQKHaL2/XDHaZoyTEhsYgAqRdGs71dnTO3HQhdyqitUBXxWDOg== X-Google-Smtp-Source: AGHT+IEd2eAEA2qszYids7CiWJsd0pmWWY4Ii/KVTM4MF/pbGWiIwSDHNRbegjKfNn2zGBtCOqZ3Yw== X-Received: by 2002:a17:903:26d6:b0:1eb:acff:63bf with SMTP id jg22-20020a17090326d600b001ebacff63bfmr2522352plb.37.1714575244926; Wed, 01 May 2024 07:54:04 -0700 (PDT) Received: from [192.168.0.10] ([190.194.167.233]) by smtp.gmail.com with ESMTPSA id t15-20020a170902b20f00b001e8a90b8ac7sm9649644plr.303.2024.05.01.07.54.03 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 01 May 2024 07:54:04 -0700 (PDT) Message-ID: <2fb66623-75ad-4d0c-9062-ebe365e2d0b5@gmail.com> Date: Wed, 1 May 2024 11:54:03 -0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: ffmpeg-devel@ffmpeg.org References: <20240430004854.199741-1-michael@niedermayer.cc> <20240430004854.199741-3-michael@niedermayer.cc> <1a2550a7-4881-4d0d-a553-1b4693907f77@gmail.com> <20240501003825.GA6420@pb2> Content-Language: en-US From: James Almer In-Reply-To: <20240501003825.GA6420@pb2> Subject: Re: [FFmpeg-devel] [PATCH 3/3] avutil/opt: Preserve nb_channels in opt_free X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 4/30/2024 9:38 PM, Michael Niedermayer wrote: > On Tue, Apr 30, 2024 at 06:27:23PM -0300, James Almer wrote: >> On 4/29/2024 9:48 PM, Michael Niedermayer wrote: >>> Fixes: division by 0 >>> Fixes: decoder modifying demuxer channels on failure >>> Fixes: -sseof -5 -i zgclab/ffmpeg_crash/poc3 >>> >>> Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory >>> Signed-off-by: Michael Niedermayer >>> --- >>> libavutil/opt.c | 6 ++++-- >>> 1 file changed, 4 insertions(+), 2 deletions(-) >>> >>> diff --git a/libavutil/opt.c b/libavutil/opt.c >>> index ecbf7efe5fb..24c08e4bc06 100644 >>> --- a/libavutil/opt.c >>> +++ b/libavutil/opt.c >>> @@ -132,9 +132,11 @@ static void opt_free_elem(const AVOption *o, void *ptr) >>> av_dict_free((AVDictionary **)ptr); >>> break; >>> - case AV_OPT_TYPE_CHLAYOUT: >>> + case AV_OPT_TYPE_CHLAYOUT: { >>> + int nb_channels = ((AVChannelLayout *)ptr)->nb_channels; >>> av_channel_layout_uninit((AVChannelLayout *)ptr); >>> - break; >>> + ((AVChannelLayout *)ptr)->nb_channels = nb_channels; >>> + break;} >>> default: >>> break; >> >> A little bit of context would be helpful here. What's using nb_channels >> after av_opt_free was called and where? > > demuxer sets nb_channels > find stream info copies codec params to context > find stream info tries opening decoder > decoder, refuses, and opt_free_elem() is called on cleanup > context now has 0 channels > context gets copied into params of demuxer > demuxer goes like i have set the channels to a non zero value let me devide by them > and oops > > there is more than one position in this chain of events this can be fixed > > thx I think we should prevent avcodec_open2() from clearing a user-set parameter when closing, rather than change how av_opt_free works. Like so: > diff --git a/libavcodec/avcodec.c b/libavcodec/avcodec.c > index 888dd76228..fc8a40e4db 100644 > --- a/libavcodec/avcodec.c > +++ b/libavcodec/avcodec.c > @@ -414,6 +414,7 @@ void avsubtitle_free(AVSubtitle *sub) > > av_cold void ff_codec_close(AVCodecContext *avctx) > { > + AVChannelLayout ch_layout; > int i; > > if (!avctx) > @@ -468,7 +469,13 @@ av_cold void ff_codec_close(AVCodecContext *avctx) > > if (avctx->priv_data && avctx->codec && avctx->codec->priv_class) > av_opt_free(avctx->priv_data); > + > + // Work around av_opt_free() unsetting ch_layout > + ch_layout = avctx->ch_layout; > + memset(&avctx->ch_layout, 0, sizeof(avctx->ch_layout)); > av_opt_free(avctx); > + avctx->ch_layout = ch_layout; > + > av_freep(&avctx->priv_data); > if (av_codec_is_encoder(avctx->codec)) { > av_freep(&avctx->extradata); _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".