fix potential crash issue due to sws_scale()

author jiyong.min <jiyong.min@samsung.com>

Wed, 13 Jan 2021 00:13:12 +0000 (09:13 +0900)

committer jiyong.min <jiyong.min@samsung.com>

Thu, 14 Jan 2021 00:34:07 +0000 (09:34 +0900)
author jiyong.min <jiyong.min@samsung.com>
Wed, 13 Jan 2021 00:13:12 +0000 (09:13 +0900)
committer jiyong.min <jiyong.min@samsung.com>
Thu, 14 Jan 2021 00:34:07 +0000 (09:34 +0900)
diff --git a/formats/ffmpeg/mm_file_format_ffmpeg.c b/formats/ffmpeg/mm_file_format_ffmpeg.c

index fe28c7e6e0f2f2b113318e90be07408eb5916f69..66f1714ca1502163c38b24f56ac05918c197aaa8 100644 (file)
--- a/formats/ffmpeg/mm_file_format_ffmpeg.c
+++ b/formats/ffmpeg/mm_file_format_ffmpeg.c
@@ -847,7 +847,12 @@ int mmfile_format_read_frame_ffmpg(MMFileFormatContext *formatContext, unsigned
                 goto exception;
         }
  
-       frame->frameData = g_malloc0(numBytes);
+       frame->frameData = av_malloc(numBytes);
+       if (!frame->frameData) {
+               debug_error(DEBUG, "error: av_malloc.");
+               ret = MMFILE_FORMAT_FAIL;
+               goto exception;
+       }
  
         uint8_t *dst_data[4];
         int dst_linesize[4];
@@ -885,6 +890,7 @@ int mmfile_format_read_frame_ffmpg(MMFileFormatContext *formatContext, unsigned
         frame->frameWidth = width;
         frame->frameHeight = height;
         frame->configLenth = 0;
+       frame->frameDataFree = av_free;
  
         if (pFrame)
                 av_frame_free(&pFrame);
@@ -897,7 +903,7 @@ exception:
         if (pVideoCodecCtx)
                 avcodec_free_context(&pVideoCodecCtx);
  
-       mmfile_free(frame->frameData);
+       av_freep(&frame->frameData);
  
         if (pFrame)
                 av_frame_free(&pFrame);
diff --git a/formats/ffmpeg/mm_file_format_frame.c b/formats/ffmpeg/mm_file_format_frame.c

index 5b4517c5e1ea76df6fa22bd41f96ba2b9e5f6438..f9e402aad73d66b39cba500e351df94ccbe42af2 100755 (executable)
--- a/formats/ffmpeg/mm_file_format_frame.c
+++ b/formats/ffmpeg/mm_file_format_frame.c
@@ -475,7 +475,12 @@ static int __mmfile_get_frame(AVFormatContext *pFormatCtx,
                 goto exception;
         }
  
-       *frame = g_malloc0(*size);
+       *frame = av_malloc(*size);
+       if (!(*frame)) {
+               debug_error(DEBUG, "error: av_malloc.");
+               ret = MMFILE_FORMAT_FAIL;
+               goto exception;
+       }
  
         debug_msg(RELEASE, "size : %d", *size);
         debug_msg(RELEASE, "width : %d", *width);
@@ -501,7 +506,7 @@ static int __mmfile_get_frame(AVFormatContext *pFormatCtx,
         return MMFILE_FORMAT_SUCCESS;
  
  exception:
-       mmfile_free(*frame);
+       av_freep(frame);
  
         if (pFrame)
                 av_frame_free(&pFrame);
diff --git a/include/mm_file_formats.h b/include/mm_file_formats.h

index 94864c7efd734a2e3e84265b1ec32f1d666a9dae..cff3dfb25eb0e331d2cc82cdf541f8fe12b86abc 100755 (executable)
--- a/include/mm_file_formats.h
+++ b/include/mm_file_formats.h
@@ -90,6 +90,7 @@ typedef struct _mmfileformatframe {
         unsigned int    frameHeight;
         unsigned int    configLenth;
         unsigned char   *frameData;
+       void    (*frameDataFree)(void *);
         void                    *configData;
         unsigned int    timestamp;
         unsigned int    frameNumber;
diff --git a/mm_file.c b/mm_file.c

index ef7753527661594e3f4993b7054a43d58265ab0e..1ecec7db0f19beb8a7520567cb23ec04777861e0 100644 (file)
--- a/mm_file.c
+++ b/mm_file.c
@@ -389,6 +389,7 @@ __get_contents_thumbnail(MMFileFormatContext *formatContext)
         thumbnail->frameWidth = frameContext.frameWidth;
         thumbnail->frameHeight = frameContext.frameHeight;
         thumbnail->frameData = frameContext.frameData;
+       thumbnail->frameDataFree = frameContext.frameDataFree;
         thumbnail->configLenth = 0;
         thumbnail->configData = NULL;
  
@@ -402,7 +403,10 @@ __get_contents_thumbnail(MMFileFormatContext *formatContext)
         return FILEINFO_ERROR_NONE;
  exception:
         mmfile_free(thumbnail);
-       mmfile_free(frameContext.frameData);
+       if (frameContext.frameDataFree)
+               frameContext.frameDataFree(frameContext.frameData);
+       else
+               mmfile_free(frameContext.frameData);
         mmfile_free(frameContext.configData);
  
         return ret;
@@ -473,7 +477,10 @@ but MMFileUtilGetMetaDataFromMP4() Extract just TAG info. That is needed for mm_
                 _info_set_attr_media(attrs, formatContext);
  
         if (formatContext->thumbNail) {
-               mmfile_free(formatContext->thumbNail->frameData);
+               if (formatContext->thumbNail->frameDataFree)
+                       formatContext->thumbNail->frameDataFree(formatContext->thumbNail->frameData);
+               else
+                       mmfile_free(formatContext->thumbNail->frameData);
                 mmfile_free(formatContext->thumbNail->configData);
                 mmfile_free(formatContext->thumbNail);
         }
author	jiyong.min <jiyong.min@samsung.com>
	Wed, 13 Jan 2021 00:13:12 +0000 (09:13 +0900)
committer	jiyong.min <jiyong.min@samsung.com>
	Thu, 14 Jan 2021 00:34:07 +0000 (09:34 +0900)
formats/ffmpeg/mm_file_format_ffmpeg.c		patch \| blob \| history
formats/ffmpeg/mm_file_format_frame.c		patch \| blob \| history
include/mm_file_formats.h		patch \| blob \| history
mm_file.c		patch \| blob \| history