From: Detlev Casanova <detlev.casanova@collabora.com>
Date: Tue, 17 Oct 2023 16:42:59 +0000 (-0400)
Subject: codecs: h265: Do not free slice header before using it
X-Git-Tag: 1.22.7~37
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=99435dc4993c7d5abdd1833ff67f6f6fbd1ae2e7;hp=b2c7e8549c39072ae753c29a967fc175e33ff7ad;p=platform%2Fupstream%2Fgstreamer.git

codecs: h265: Do not free slice header before using it

The v4l2codecs H.265 decoder uses the
GstH265SliceHdr::entry_point_offset_minus1 array so make sure that it is not
freed before decoding the frame.

Before this patch, some H.265 input would segfault in
gst_v4l2_codec_h265_dec_fill_slice_params() when executing the line:

guint32 entry_point_offset = slice_hdr->entry_point_offset_minus1[i] + 1;

Make sure that the array is not freed before using it.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5503>
---

diff --git a/subprojects/gst-plugins-bad/gst-libs/gst/codecs/gsth265decoder.c b/subprojects/gst-plugins-bad/gst-libs/gst/codecs/gsth265decoder.c
index 70f0be9..70b5d77 100644
--- a/subprojects/gst-plugins-bad/gst-libs/gst/codecs/gsth265decoder.c
+++ b/subprojects/gst-plugins-bad/gst-libs/gst/codecs/gsth265decoder.c
@@ -829,11 +829,6 @@ gst_h265_decoder_parse_slice (GstH265Decoder * self, GstH265NalUnit * nalu)
   if (pres != GST_H265_PARSER_OK)
     return pres;
 
-  /* NOTE: gst_h265_parser_parse_slice_hdr() allocates array
-   * GstH265SliceHdr::entry_point_offset_minus1 but we don't use it
-   * in this h265decoder baseclass at the moment
-   */
-  gst_h265_slice_hdr_free (&slice.header);
   slice.nalu = *nalu;
 
   if (nalu->type >= GST_H265_NAL_SLICE_BLA_W_LP &&
@@ -2049,6 +2044,9 @@ gst_h265_decoder_clear_nalu (GstH265DecoderNalUnit * nalu)
   if (!nalu)
     return;
 
+  if (nalu->is_slice)
+    gst_h265_slice_hdr_free (&nalu->unit.slice.header);
+
   memset (nalu, 0, sizeof (GstH265DecoderNalUnit));
 }