From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id C9E0E4D959
	for <ffmpegdev@gitmailbox.com>; Mon, 21 Apr 2025 14:46:52 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 487B4687C6E;
	Mon, 21 Apr 2025 17:46:49 +0300 (EEST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com
 (mail-db8eur05olkn2054.outbound.protection.outlook.com [40.92.89.54])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 550A7687B52
 for <ffmpeg-devel@ffmpeg.org>; Mon, 21 Apr 2025 17:46:42 +0300 (EEST)
Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17)
 by AS4P250MB0824.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:584::17) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8655.33; Mon, 21 Apr
 2025 14:46:40 +0000
Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 ([fe80::d6a1:e3af:a5f1:b614]) by GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 ([fe80::d6a1:e3af:a5f1:b614%5]) with mapi id 15.20.8655.031; Mon, 21 Apr 2025
 14:46:40 +0000
Message-ID: <GV1P250MB0737E5F6C1568559C5714EED8FB82@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM>
Date: Mon, 21 Apr 2025 16:46:38 +0200
User-Agent: Mozilla Thunderbird
To: ffmpeg-devel@ffmpeg.org
References: <GV1P250MB07375B64B29E55041F5DC6828FB42@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM>
Content-Language: en-US
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
In-Reply-To: <GV1P250MB07375B64B29E55041F5DC6828FB42@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM>
X-ClientProxiedBy: FR4P281CA0430.DEUP281.PROD.OUTLOOK.COM
 (2603:10a6:d10:d1::20) To GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 (2603:10a6:150:8e::17)
X-Microsoft-Original-Message-ID: <259fd6bc-9a58-429d-8f98-fb5f16970309@outlook.com>
MIME-Version: 1.0
Subject: Re: [FFmpeg-devel] [PATCH] avcodec/vp8: Maintain consistency of
 frame pointers
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/GV1P250MB0737E5F6C1568559C5714EED8FB82@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Andreas Rheinhardt:
> Right now it is possible for the pointer for the current frame to
> be set in the context even when it could not be properly set up;
> this does not influence the various ordinary ref frames, but only
> VP8Context.prev_frame. And since this code has been ported to the
> ProgressFrame API in d48d7bc434f30dfbdf346f16715e4f2044b3e000,
> this leads to segfaults, because the ProgressFrame API is less
> forgiving than the ThreadFrame API (waiting on an uninitialized
> ProgressFrame segfaults, waiting on an uninitialized ThreadFrame
> is a no-op (the code behaves as if frame-threading is not in use)).
> 
> Fix this by maintaining the consistency of the frame pointers
> in the context (by setting them later).
> 
> Fixes: NULL pointer dereference
> Fixes: 68192/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP8_fuzzer-6180311026171904
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
> ---
>  libavcodec/vp8.c | 10 +++++++---
>  1 file changed, 7 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
> index d6df018655..8945447eb6 100644
> --- a/libavcodec/vp8.c
> +++ b/libavcodec/vp8.c
> @@ -541,9 +541,12 @@ static int vp7_fade_frame(VP8Context *s, int alpha, int beta)
>  
>          /* preserve the golden frame, write a new previous frame */
>          if (s->framep[VP8_FRAME_GOLDEN] == s->framep[VP8_FRAME_PREVIOUS]) {
> -            s->framep[VP8_FRAME_PREVIOUS] = vp8_find_free_buffer(s);
> -            if ((ret = vp8_alloc_frame(s, s->framep[VP8_FRAME_PREVIOUS], 1)) < 0)
> +            VP8Frame *prev_frame = vp8_find_free_buffer(s);
> +
> +            ret = vp8_alloc_frame(s, prev_frame, 1);
> +            if (ret < 0)
>                  return ret;
> +            s->framep[VP8_FRAME_PREVIOUS] = prev_frame;
>  
>              dst = s->framep[VP8_FRAME_PREVIOUS]->tf.f;
>  
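
Review bot: the deferred store `s->framep[VP8_FRAME_PREVIOUS] = prev_frame;` in vp7_fade_frame() has no comment saying why it must come after vp8_alloc_frame() has succeeded. A one-line comment stating that framep[] may only point at frames that were set up successfully would keep a later cleanup from folding the lookup and the store back into one statement. The `dst = s->framep[VP8_FRAME_PREVIOUS]->tf.f;` line that follows could then read prev_frame->tf.f directly.
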
> @@ -2699,7 +2702,7 @@ int vp78_decode_frame(AVCodecContext *avctx, AVFrame *rframe, int *got_frame,
>              &s->frames[i] != s->framep[VP8_FRAME_ALTREF])
>              vp8_release_frame(&s->frames[i]);
>  
> -    curframe = s->framep[VP8_FRAME_CURRENT] = vp8_find_free_buffer(s);
> +    curframe = vp8_find_free_buffer(s);
>  
>      if (!s->colorspace)
>          avctx->colorspace = AVCOL_SPC_BT470BG;
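
Review bot: with the store to s->framep[VP8_FRAME_CURRENT] dropped from the `curframe = vp8_find_free_buffer(s);` line in vp78_decode_frame(), that slot keeps whatever it held on entry until the assignment added further down. Any code between the two points that reads s->framep[VP8_FRAME_CURRENT] instead of the local curframe would now see the old pointer, so it is worth confirming that the intervening code only uses curframe.
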
> @@ -2723,6 +2726,7 @@ int vp78_decode_frame(AVCodecContext *avctx, AVFrame *rframe, int *got_frame,
>  
>      if ((ret = vp8_alloc_frame(s, curframe, referenced)) < 0)
>          goto err;
> +    s->framep[VP8_FRAME_CURRENT] = curframe;
>      if (s->keyframe)
>          curframe->tf.f->flags |= AV_FRAME_FLAG_KEY;
>      else
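
Review bot: on the `goto err` path directly above the new `s->framep[VP8_FRAME_CURRENT] = curframe;`, the slot is now left untouched instead of pointing at the frame whose allocation failed. Please confirm that the code at the err label, which is not part of this hunk, does not expect the slot to hold curframe, and say in the commit message what the slot contains after a failed call.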

Will apply. Sorry for the delay.

- Andreas
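
The ordering problem described in the quoted commit message, reduced to a toy model. This is an added example, not code from the patch or from FFmpeg: every type and function name is hypothetical, and the hand-off from the current frame to the previous frame on the next call is a simplifying assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model with hypothetical names; none of this is FFmpeg's API. */
typedef struct Frame { int *progress; } Frame;   /* NULL until set up */
typedef struct Ctx { Frame pool[2]; Frame *cur, *prev; } Ctx;

/* Frame setup that can fail (fail != 0 simulates an allocation error). */
static int frame_alloc(Frame *f, int fail)
{
    f->progress = fail ? NULL : calloc(1, sizeof(*f->progress));
    return f->progress ? 0 : -1;
}

/* Strict consumer: needs an initialized frame. Returns -1 where a real
 * implementation would dereference NULL, so the outcome can be checked. */
static int wait_on(const Frame *f) { return (f && f->progress) ? *f->progress : -1; }

/* Before: the context pointer is published before setup is known to work. */
static int decode_publish_early(Ctx *c, int fail)
{
    c->cur = &c->pool[1];
    return frame_alloc(c->cur, fail);
}

/* After: the pointer is stored only once setup has succeeded. */
static int decode_publish_late(Ctx *c, int fail)
{
    Frame *f = &c->pool[1];
    int ret = frame_alloc(f, fail);
    if (ret < 0)
        return ret;
    c->cur = f;
    return 0;
}

/* Assumed hand-off: the next call takes the old current frame as prev. */
static int next_call_waits(Ctx *c) { c->prev = c->cur; return wait_on(c->prev); }
/* Constructed starting state: one valid frame already published as current. */
static void ctx_init(Ctx *c) { frame_alloc(&c->pool[0], 0); c->cur = &c->pool[0]; }

int main(void)
{
    Ctx a = {0}, b = {0};
    ctx_init(&a); ctx_init(&b);
    decode_publish_early(&a, 1); decode_publish_late(&b, 1);
    printf("early=%d late=%d\n", next_call_waits(&a), next_call_waits(&b));
    return 0;
}
```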
