af_compand: make sure request_frame always outputs at least one frame

This fixes a segmentation fault because request_frame in fifo.c assumes
that the call to ff_request_frame will populate fifo->root.next.
Before, it was possible for request_frame in af_compand to not do this,
resulting in a null pointer access. Now, request_frame in af_compand
always will return at least one frame or an error, as per the API
specifications in avfilter.h for request_frame.

Signed-off-by: Anton Khirnov <anton@khirnov.net>

diff --git a/libavfilter/af_compand.c b/libavfilter/af_compand.c
index a6692bc37f3d3becec39021ed4540b115926dd0a..f21c861e066a78257febd6facb096cd6d074a444 100644 (file)
--- a/libavfilter/af_compand.c
+++ b/libavfilter/af_compand.c
@@ -71,6 +71,8 @@ typedef struct CompandContext {
     int64_t pts;
 
     int (*compand)(AVFilterContext *ctx, AVFrame *frame);
+    /* set by filter_frame() to signal an output frame to request_frame() */
+    int got_output;
 } CompandContext;
 
 #define OFFSET(x) offsetof(CompandContext, x)
@@ -287,7 +289,15 @@ static int compand_delay(AVFilterContext *ctx, AVFrame *frame)
     s->delay_index = dindex;
 
     av_frame_free(&frame);
-    return out_frame ? ff_filter_frame(ctx->outputs[0], out_frame) : 0;
+
+    if (out_frame) {
+        err = ff_filter_frame(ctx->outputs[0], out_frame);
+        if (err >= 0)
+            s->got_output = 1;
+        return err;
+    }
+
+    return 0;
 }
 
 static int compand_drain(AVFilterLink *outlink)
@@ -559,9 +569,11 @@ static int request_frame(AVFilterLink *outlink)
 {
     AVFilterContext *ctx = outlink->src;
     CompandContext *s    = ctx->priv;
-    int ret;
+    int ret = 0;
 
-    ret = ff_request_frame(ctx->inputs[0]);
+    s->got_output = 0;
+    while (ret >= 0 && !s->got_output)
+        ret = ff_request_frame(ctx->inputs[0]);
 
     if (ret == AVERROR_EOF && s->delay_count)
         ret = compand_drain(outlink);