#7327 closed defect (invalid)

libavcodec/dxva2.c:ff_dxva2_commit_buffer()function has a potential Uninitialized variable use

Reported by: fisher Owned by:
Priority: normal Component: undetermined
Version: unspecified Keywords:
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no


here is the code snippet of ff_dxva2_commit_buffer()function.In the function,if CONFIG_D3D11VA and CONFIG_DXVA2 are false, |dxva_data| and |dxva_size| will be used without be assigned a value. In memcpy(dxva_data, data, size); code,it may write value to some uncontroled address.

int ff_dxva2_commit_buffer(AVCodecContext *avctx,

AVDXVAContext *ctx,
unsigned type, const void *data, unsigned size,
unsigned mb_count)


void *dxva_data;
unsigned dxva_size;
int result;
HRESULT hr = 0;


if (ff_dxva2_is_d3d11(avctx))

hr = ID3D11VideoContext_GetDecoderBuffer(D3D11VA_CONTEXT(ctx)->video_context,

&dxva_size, &dxva_data);


if (avctx->pix_fmt == AV_PIX_FMT_DXVA2_VLD)

hr = IDirectXVideoDecoder_GetBuffer(DXVA2_CONTEXT(ctx)->decoder, type,

&dxva_data, &dxva_size);


if (FAILED(hr)) {

av_log(avctx, AV_LOG_ERROR, "Failed to get a buffer for %u: 0x%x\n",

type, (unsigned)hr);

return -1;

if (size <= dxva_size) {

memcpy(dxva_data, data, size);

Change History (2)

comment:1 Changed 14 months ago by heleppkes

If both CONFIG_D3D11VA and CONFIG_DXVA2 are false, this code will never be used, and should not even be compiled.

comment:2 Changed 14 months ago by cehoyos

  • Resolution set to invalid
  • Status changed from new to closed

And it won't:

$ grep dxva2.o libavcodec/Makefile
OBJS-$(CONFIG_D3D11VA)                    += dxva2.o
OBJS-$(CONFIG_DXVA2)                      += dxva2.o
Note: See TracTickets for help on using tickets.