Opened 6 years ago
Closed 6 years ago
#7327 closed defect (invalid)
libavcodec/dxva2.c:ff_dxva2_commit_buffer()function has a potential Uninitialized variable use
| Reported by: | fisher | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | undetermined |
| Version: | unspecified | Keywords: | |
| Cc: | Blocked By: | ||
| Blocking: | Reproduced by developer: | no | |
| Analyzed by developer: | no |
Description
here is the code snippet of ff_dxva2_commit_buffer()function.In the function,if CONFIG_D3D11VA and CONFIG_DXVA2 are false, |dxva_data| and |dxva_size| will be used without be assigned a value. In memcpy(dxva_data, data, size); code,it may write value to some uncontroled address.
int ff_dxva2_commit_buffer(AVCodecContext *avctx,
AVDXVAContext *ctx,
DECODER_BUFFER_DESC *dsc,
unsigned type, const void *data, unsigned size,
unsigned mb_count)
{
void *dxva_data;
unsigned dxva_size;
int result;
HRESULT hr = 0;
#if CONFIG_D3D11VA
if (ff_dxva2_is_d3d11(avctx))
hr = ID3D11VideoContext_GetDecoderBuffer(D3D11VA_CONTEXT(ctx)->video_context,
D3D11VA_CONTEXT(ctx)->decoder,
type,
&dxva_size, &dxva_data);
#endif
#if CONFIG_DXVA2
if (avctx->pix_fmt == AV_PIX_FMT_DXVA2_VLD)
hr = IDirectXVideoDecoder_GetBuffer(DXVA2_CONTEXT(ctx)->decoder, type,
&dxva_data, &dxva_size);
#endif
if (FAILED(hr)) {
av_log(avctx, AV_LOG_ERROR, "Failed to get a buffer for %u: 0x%x\n",
type, (unsigned)hr);
return -1;
}
if (size <= dxva_size) {
memcpy(dxva_data, data, size);
Change History (2)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
And it won't:
$ grep dxva2.o libavcodec/Makefile OBJS-$(CONFIG_D3D11VA) += dxva2.o OBJS-$(CONFIG_DXVA2) += dxva2.o
If both CONFIG_D3D11VA and CONFIG_DXVA2 are false, this code will never be used, and should not even be compiled.