[FFmpeg-devel] [PATCH] lavc/vvc: Set fc->ref to NULL at top of decode_nal_units

[FFmpeg-devel] [PATCH] lavc/vvc: Set fc->ref to NULL at top of decode_nal_units

[Frank Plowman]

In the fail: block of decode_nal_units, a check as to whether fc->ref is
nonzero is used.  Before this patch, fc->ref was set to NULL in
frame_context_setup.  The issue is that, by the time frame_context_setup
is called, falliable functions (namely slices_realloc and
ff_vvc_decode_frame_ps) have already been called.  Therefore, there
could arise a situation in which the fc->ref test of decode_nal_units'
fail: block is performed while fc->ref has an invalid value.  This seems
to be particularly prevalent in situations where the FrameContexts are
being reused.  The patch resolves the issue by moving the assignment of
fc->ref to NULL to the very top of decode_nal_units, before any falliable
functions are called.

Signed-off-by: Frank Plowman <post@frankplowman.com>
---
 libavcodec/vvc/dec.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libavcodec/vvc/dec.c b/libavcodec/vvc/dec.c
index 51dd60ae92..572e904301 100644
--- a/libavcodec/vvc/dec.c
+++ b/libavcodec/vvc/dec.c
@@ -671,8 +671,6 @@ static int frame_context_setup(VVCFrameContext *fc, VVCContext *s)
 {
     int ret;
 
-    fc->ref = NULL;
-
     // copy refs from the last frame
     if (s->nb_frames && s->nb_fcs > 1) {
         VVCFrameContext *prev = get_frame_context(s, fc, -1);
@@ -927,6 +925,7 @@ static int decode_nal_units(VVCContext *s, VVCFrameContext *fc, AVPacket *avpkt)
     int ret = 0;
     s->last_eos = s->eos;
     s->eos = 0;
+    fc->ref = NULL;
 
     ff_cbs_fragment_reset(frame);
     ret = ff_cbs_read_packet(s->cbc, frame, avpkt);
-- 
2.47.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] lavc/vvc: Set fc->ref to NULL at top of decode_nal_units

[Nuo Mi]

On Sun, Feb 9, 2025 at 5:43 AM Frank Plowman <post@frankplowman.com> wrote:

> In the fail: block of decode_nal_units, a check as to whether fc->ref is
> nonzero is used.  Before this patch, fc->ref was set to NULL in
> frame_context_setup.  The issue is that, by the time frame_context_setup
> is called, falliable functions (namely slices_realloc and
> ff_vvc_decode_frame_ps) have already been called.  Therefore, there
> could arise a situation in which the fc->ref test of decode_nal_units'
> fail: block is performed while fc->ref has an invalid value.  This seems
> to be particularly prevalent in situations where the FrameContexts are
> being reused.  The patch resolves the issue by moving the assignment of
> fc->ref to NULL to the very top of decode_nal_units, before any falliable
> functions are called.
>
Thank you, Frank.
Applied.

>
> Signed-off-by: Frank Plowman <post@frankplowman.com>
> ---
>  libavcodec/vvc/dec.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/libavcodec/vvc/dec.c b/libavcodec/vvc/dec.c
> index 51dd60ae92..572e904301 100644
> --- a/libavcodec/vvc/dec.c
> +++ b/libavcodec/vvc/dec.c
> @@ -671,8 +671,6 @@ static int frame_context_setup(VVCFrameContext *fc,
> VVCContext *s)
>  {
>      int ret;
>
> -    fc->ref = NULL;
> -
>      // copy refs from the last frame
>      if (s->nb_frames && s->nb_fcs > 1) {
>          VVCFrameContext *prev = get_frame_context(s, fc, -1);
> @@ -927,6 +925,7 @@ static int decode_nal_units(VVCContext *s,
> VVCFrameContext *fc, AVPacket *avpkt)
>      int ret = 0;
>      s->last_eos = s->eos;
>      s->eos = 0;
> +    fc->ref = NULL;
>
>      ff_cbs_fragment_reset(frame);
>      ret = ff_cbs_read_packet(s->cbc, frame, avpkt);
> --
> 2.47.0
>
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".