From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Mon, 2 Oct 2023 12:52:00 +0200
Subject: [FFmpeg-devel] [PATCH 6/8] avcodec/mpegvideo_dec: Don't zero context on init failure

Up until now, ff_mpeg_update_thread_context() zeroes the context to initialize on initialization failure. This has been added in e1d7d4bd13cdd8856a3611d1ea387ac733a7aebf. Just as now, ff_mpeg_update_thread_context() simply copied the src MpegEncContext over the dst MpegEncContext to initialize it, but clear_context() was only added in b160fc290cf49b516c5b6ee0730fd9da7fc623b1, so that cleaning up on init failure was a minefield if performed. It was not always performed, namely not before the first allocation needed to be freed.

In the fuzzer sample that led to e1d7d4bd13cdd8856a3611d1ea387ac733a7aebf, the call to av_image_check_size() failed and before said commit, the context contained lots of pointers from the src context, leading to assert violations later on.

Of course, the proper fix for this is resetting the pointers (or even better, not copying them in the first place), so this zeroing is unnecessary since commit b160fc290cf49b516c5b6ee0730fd9da7fc623b1. It is also harmful, because it makes initializing something only once during init more complicated; see the h264chroma handling in the diff for an example. Therefore it is removed.

Signed-off-by: Andreas Rheinhardt
--- libavcodec/mpegvideo_dec.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/libavcodec/mpegvideo_dec.c b/libavcodec/mpegvideo_dec.c index f9fccff518..3f173a9feb 100644 --- a/libavcodec/mpegvideo_dec.c +++ b/libavcodec/mpegvideo_dec.c
@@ -83,13 +83,8 @@ int ff_mpeg_update_thread_context(AVCodecContext *dst, if (s1->context_initialized) { ff_mpv_idct_init(s); - if ((err = ff_mpv_common_init(s)) < 0) { - memset(s, 0, sizeof(*s)); - s->avctx = dst; - s->private_ctx = private_ctx; - memcpy(&s->h264chroma, &s1->h264chroma, sizeof(s->h264chroma)); + if ((err = ff_mpv_common_init(s)) < 0) return err; - } } } -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
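Review bot: The bare `return err;` after `ff_mpv_common_init(s)` fails now depends entirely on that call, or on the copy step before it, leaving no pointers borrowed from `s1` in `s`, and nothing in the hunk documents or checks that. The commit message says cleanup was historically skipped when the failure came before the first allocation, which is the av_image_check_size() case from the fuzzer sample, so please confirm that this early-failure path also resets the copied pointers and add a short comment at the return stating the invariant. Re-running the fuzzer sample that motivated e1d7d4bd13cdd8856a3611d1ea387ac733a7aebf against this change would show whether the assert violations stay fixed without the memset.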