From: Martin Storsjö
To: FFmpeg development discussions and patches
Cc: Cameron Gutman
Date: Sat, 21 Jan 2023 23:58:32 +0200 (EET)
Subject: Re: [FFmpeg-devel] [PATCH] avcodec/mfenc: fix double-free on init failure
In-Reply-To: <20230121012030.1471-1-aicommander@gmail.com>

On Fri, 20 Jan 2023, Cameron Gutman wrote:

> mfenc sets FF_CODEC_CAP_INIT_CLEANUP, so calling mf_close() on
> failure inside mf_init() results in a double-free.
> > Signed-off-by: Cameron Gutman > --- > libavcodec/mfenc.c | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/libavcodec/mfenc.c b/libavcodec/mfenc.c > index 36a6d8482d..f3415df10b 100644 > --- a/libavcodec/mfenc.c > +++ b/libavcodec/mfenc.c > @@ -1214,7 +1214,6 @@ static int mf_init(AVCodecContext *avctx) > return 0; > } > } > - mf_close(avctx); > return ret; > }

This change looks correct to me - thanks for that!

However I think it'd be even nicer if we could make mf_close safe to call multiple times at the same time (but the duplicate call should of course still be removed); if we'd reset c->codec_api and c->async_events to NULL, it would be safe to call multiple times, right?

// Martin
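Review bot: At the tail of mf_init(), the failure return now depends on cleanup that is not visible in the function, so a short comment above `return ret;` stating that the codec sets FF_CODEC_CAP_INIT_CLEANUP and that the close callback therefore runs on init failure would keep a later change from re-adding the call. The hunk also leaves mf_close() itself untouched, so nothing in this patch makes a second call harmless; the reply's suggestion of resetting c->codec_api and c->async_events to NULL once they are released fits well as a follow-up, since a single removed line is the only thing standing between this path and the double-free described in the commit message.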
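The failure path discussed in this thread, modelled as an added C example (not FFmpeg code and not from either poster): it counts releases past zero for the duplicate close, for the patched init, and for a close that clears its pointers. `Res`, `Ctx`, `enc_init`, `enc_close` and `over_releases` are hypothetical names; only the field names `codec_api` and `async_events` come from the thread.

```c
#include <stdio.h>

/* Constructed stand-in for a refcounted object; counts releases past zero. */
typedef struct { int refs, over_released; } Res;
typedef struct {
    Res *codec_api, *async_events;       /* field names taken from the thread */
    int close_clears, init_calls_close;  /* switches for the variants below */
} Ctx;

static void release(Res **p, int clear)
{
    if (!*p)
        return;                          /* cleared by an earlier close */
    if ((*p)->refs > 0)
        (*p)->refs--;
    else
        (*p)->over_released++;           /* a double free in real code */
    if (clear)
        *p = NULL;
}

static void enc_close(Ctx *c)
{
    release(&c->codec_api, c->close_clears);
    release(&c->async_events, c->close_clears);
}

static int enc_init(Ctx *c)
{
    if (c->init_calls_close)             /* simulated failure after acquisition */
        enc_close(c);                    /* the call the patch removes */
    return -1;
}

/* Hypothetical generic open path for a codec with an init-cleanup flag. */
static int over_releases(int init_calls_close, int close_clears)
{
    Res api = { 1, 0 }, ev = { 1, 0 };
    Ctx c = { &api, &ev, close_clears, init_calls_close };
    if (enc_init(&c) < 0)
        enc_close(&c);                   /* framework-side cleanup on failure */
    return api.over_released + ev.over_released;
}

int main(void)
{
    printf("%d %d %d\n", over_releases(1, 0), over_releases(0, 0), over_releases(1, 1));
    return 0;
}
```

The first value is the duplicate close with a plain close, the second is the patched init, and the third keeps the duplicate call but clears the pointers on release.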