[FFmpeg-devel] [PATCH 1/5] fftools/ffprobe: Fix memleak

[FFmpeg-devel] [PATCH 1/5] fftools/ffprobe: Fix memleak

[Andreas Rheinhardt]

Fixes Coverity issue #1524491.
Regression since e6126abc6997058ca49ee596b70611bbe367163e.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 fftools/ffprobe.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
index 81610c097b..5c2d4cbff1 100644
--- a/fftools/ffprobe.c
+++ b/fftools/ffprobe.c
@@ -2929,8 +2929,10 @@ static int read_interval_packets(WriterContext *w, InputFile *ifile,
                 FrameData *fd;
 
                 pkt->opaque_ref = av_buffer_allocz(sizeof(*fd));
-                if (!pkt->opaque_ref)
-                    return AVERROR(ENOMEM);
+                if (!pkt->opaque_ref) {
+                    ret = AVERROR(ENOMEM);
+                    goto end;
+                }
                 fd = (FrameData*)pkt->opaque_ref->data;
                 fd->pkt_pos  = pkt->pos;
                 fd->pkt_size = pkt->size;
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/5] avformat/hls_sample_encryption: Always free AC3HeaderInfo on error

[Andreas Rheinhardt]

The code currently presumes that a return value of AVERROR(ENOMEM)
implies that ac3hdr could not be allocated, so it need not be freed.
Yet any avpriv_ac3_parse_header() might allocate more than the
AC3HeaderInfo internally (it doesn't currently), so simply free
it unconditionally.

Fixes Coverity issues #1492870 and #1492868.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/hls_sample_encryption.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/libavformat/hls_sample_encryption.c b/libavformat/hls_sample_encryption.c
index 089662905b..d5b4c11b66 100644
--- a/libavformat/hls_sample_encryption.c
+++ b/libavformat/hls_sample_encryption.c
@@ -105,8 +105,7 @@ int ff_hls_senc_parse_audio_setup_info(AVStream *st, HLSAudioSetupInfo *info)
 
         ret = avpriv_ac3_parse_header(&ac3hdr, info->setup_data, info->setup_data_length);
         if (ret < 0) {
-            if (ret != AVERROR(ENOMEM))
-                av_free(ac3hdr);
+            av_free(ac3hdr);
             return ret;
         }
 
@@ -317,8 +316,7 @@ static int get_next_ac3_eac3_sync_frame(CodecParserContext *ctx, AudioFrame *fra
 
     ret = avpriv_ac3_parse_header(&hdr, frame->data, ctx->buf_end - frame->data);
     if (ret < 0) {
-        if (ret != AVERROR(ENOMEM))
-            av_free(hdr);
+        av_free(hdr);
         return ret;
     }
 
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 2/5] avformat/hls_sample_encryption: Always free AC3HeaderInfo on error

[Andreas Rheinhardt]

Andreas Rheinhardt:
> The code currently presumes that a return value of AVERROR(ENOMEM)
> implies that ac3hdr could not be allocated, so it need not be freed.
> Yet any avpriv_ac3_parse_header() might allocate more than the
> AC3HeaderInfo internally (it doesn't currently), so simply free
> it unconditionally.
> 
> Fixes Coverity issues #1492870 and #1492868.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
> ---
>  libavformat/hls_sample_encryption.c | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/libavformat/hls_sample_encryption.c b/libavformat/hls_sample_encryption.c
> index 089662905b..d5b4c11b66 100644
> --- a/libavformat/hls_sample_encryption.c
> +++ b/libavformat/hls_sample_encryption.c
> @@ -105,8 +105,7 @@ int ff_hls_senc_parse_audio_setup_info(AVStream *st, HLSAudioSetupInfo *info)
>  
>          ret = avpriv_ac3_parse_header(&ac3hdr, info->setup_data, info->setup_data_length);
>          if (ret < 0) {
> -            if (ret != AVERROR(ENOMEM))
> -                av_free(ac3hdr);
> +            av_free(ac3hdr);
>              return ret;
>          }
>  
> @@ -317,8 +316,7 @@ static int get_next_ac3_eac3_sync_frame(CodecParserContext *ctx, AudioFrame *fra
>  
>      ret = avpriv_ac3_parse_header(&hdr, frame->data, ctx->buf_end - frame->data);
>      if (ret < 0) {
> -        if (ret != AVERROR(ENOMEM))
> -            av_free(hdr);
> +        av_free(hdr);
>          return ret;
>      }
>  

Will apply the rest of this patchset tomorrow unless there are objections.

- Andreas

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 3/5] avcodec/nvenc: Remove always-true check

[Andreas Rheinhardt]

nvenc_store_frame_data() is always called with frame != NULL
(checked at the beginning of nvenc_send_frame());
in fact, frame is dereferenced unconditionally after the block
guarded by the check for frame. Therefore Coverity complains
about this in issue #1538295.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/nvenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/nvenc.c b/libavcodec/nvenc.c
index 0b6417674e..505b95f93c 100644
--- a/libavcodec/nvenc.c
+++ b/libavcodec/nvenc.c
@@ -2249,7 +2249,7 @@ static int nvenc_store_frame_data(AVCodecContext *avctx, NV_ENC_PIC_PARAMS *pic_
     // in case the encoder got reconfigured, there might be leftovers
     av_buffer_unref(&frame_data->frame_opaque_ref);
 
-    if (frame && frame->opaque_ref && avctx->flags & AV_CODEC_FLAG_COPY_OPAQUE) {
+    if (frame->opaque_ref && avctx->flags & AV_CODEC_FLAG_COPY_OPAQUE) {
         frame_data->frame_opaque_ref = av_buffer_ref(frame->opaque_ref);
         if (!frame_data->frame_opaque_ref)
             return AVERROR(ENOMEM);
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 4/5] avcodec/mpegvideo_dec: Use av_fast_padded_malloc where appropriate

[Andreas Rheinhardt]

Will probably also fix Coverity issue #1473529.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/mpegvideo_dec.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/libavcodec/mpegvideo_dec.c b/libavcodec/mpegvideo_dec.c
index 670b0912e2..16e8b9193a 100644
--- a/libavcodec/mpegvideo_dec.c
+++ b/libavcodec/mpegvideo_dec.c
@@ -154,21 +154,16 @@ do {\
     s->divx_packed  = s1->divx_packed;
 
     if (s1->bitstream_buffer) {
-        if (s1->bitstream_buffer_size +
-            AV_INPUT_BUFFER_PADDING_SIZE > s->allocated_bitstream_buffer_size) {
-            av_fast_malloc(&s->bitstream_buffer,
-                           &s->allocated_bitstream_buffer_size,
-                           s1->allocated_bitstream_buffer_size);
-            if (!s->bitstream_buffer) {
-                s->bitstream_buffer_size = 0;
-                return AVERROR(ENOMEM);
-            }
+        av_fast_padded_malloc(&s->bitstream_buffer,
+                              &s->allocated_bitstream_buffer_size,
+                              s1->bitstream_buffer_size);
+        if (!s->bitstream_buffer) {
+            s->bitstream_buffer_size = 0;
+            return AVERROR(ENOMEM);
         }
         s->bitstream_buffer_size = s1->bitstream_buffer_size;
         memcpy(s->bitstream_buffer, s1->bitstream_buffer,
                s1->bitstream_buffer_size);
-        memset(s->bitstream_buffer + s->bitstream_buffer_size, 0,
-               AV_INPUT_BUFFER_PADDING_SIZE);
     }
 
     // linesize-dependent scratch buffer allocation
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 5/5] avcodec/sga: Don't use GetBit-API for byte-aligned reads

[Andreas Rheinhardt]

Use the bytestream2-API instead.
Should also fix Coverity issue #1473536 (which is about an unchecked
init_get_bits8()).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/sga.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/libavcodec/sga.c b/libavcodec/sga.c
index eae691adad..4ced6e9890 100644
--- a/libavcodec/sga.c
+++ b/libavcodec/sga.c
@@ -127,19 +127,18 @@ static int decode_index_palmap(SGAVideoContext *s, AVFrame *frame)
 
 static int decode_index_tilemap(SGAVideoContext *s, AVFrame *frame)
 {
-    GetByteContext *gb = &s->gb;
-    GetBitContext pm;
+    GetByteContext *gb = &s->gb, gb2;
 
     bytestream2_seek(gb, s->tilemapdata_offset, SEEK_SET);
     if (bytestream2_get_bytes_left(gb) < s->tilemapdata_size)
         return AVERROR_INVALIDDATA;
 
-    init_get_bits8(&pm, gb->buffer, s->tilemapdata_size);
+    gb2 = *gb;
 
     for (int y = 0; y < s->tiles_h; y++) {
         for (int x = 0; x < s->tiles_w; x++) {
             uint8_t tile[64];
-            int tilemap = get_bits(&pm, 16);
+            int tilemap = bytestream2_get_be16u(&gb2);
             int flip_x = (tilemap >> 11) & 1;
             int flip_y = (tilemap >> 12) & 1;
             int tindex = av_clip((tilemap & 511) - 1, 0, s->nb_tiles - 1);
-- 
2.34.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 5/5] avcodec/sga: Don't use GetBit-API for byte-aligned reads

[Paul B Mahol]

Have you actually tested this?
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 5/5] avcodec/sga: Don't use GetBit-API for byte-aligned reads

[Andreas Rheinhardt]

Paul B Mahol:
> Have you actually tested this?
> 

Yes.
https://samples.ffmpeg.org/game-formats/segacd/sga/doubleswitch/gameover.sga
executes this codepath.

- Andreas

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/5] fftools/ffprobe: Fix memleak

[James Almer]

On 7/31/2023 8:08 AM, Andreas Rheinhardt wrote:
> Fixes Coverity issue #1524491.
> Regression since e6126abc6997058ca49ee596b70611bbe367163e.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
> ---
>   fftools/ffprobe.c | 6 ++++--
>   1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
> index 81610c097b..5c2d4cbff1 100644
> --- a/fftools/ffprobe.c
> +++ b/fftools/ffprobe.c
> @@ -2929,8 +2929,10 @@ static int read_interval_packets(WriterContext *w, InputFile *ifile,
>                   FrameData *fd;
>   
>                   pkt->opaque_ref = av_buffer_allocz(sizeof(*fd));
> -                if (!pkt->opaque_ref)
> -                    return AVERROR(ENOMEM);
> +                if (!pkt->opaque_ref) {
> +                    ret = AVERROR(ENOMEM);
> +                    goto end;
> +                }
>                   fd = (FrameData*)pkt->opaque_ref->data;
>                   fd->pkt_pos  = pkt->pos;
>                   fd->pkt_size = pkt->size;

LGTM.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/5] fftools/ffprobe: Fix memleak

[Stefano Sabatini]

On date Monday 2023-07-31 13:08:37 +0200, Andreas Rheinhardt wrote:
> Fixes Coverity issue #1524491.
> Regression since e6126abc6997058ca49ee596b70611bbe367163e.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
> ---
>  fftools/ffprobe.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/fftools/ffprobe.c b/fftools/ffprobe.c
> index 81610c097b..5c2d4cbff1 100644
> --- a/fftools/ffprobe.c
> +++ b/fftools/ffprobe.c
> @@ -2929,8 +2929,10 @@ static int read_interval_packets(WriterContext *w, InputFile *ifile,
>                  FrameData *fd;
>  
>                  pkt->opaque_ref = av_buffer_allocz(sizeof(*fd));
> -                if (!pkt->opaque_ref)
> -                    return AVERROR(ENOMEM);
> +                if (!pkt->opaque_ref) {
> +                    ret = AVERROR(ENOMEM);
> +                    goto end;
> +                }
>                  fd = (FrameData*)pkt->opaque_ref->data;
>                  fd->pkt_pos  = pkt->pos;
>                  fd->pkt_size = pkt->size;

LGTM, thanks.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".