From 954f023c74425d097c7ee45c1d9a37a7fafe778c Mon Sep 17 00:00:00 2001 From: Neelkamal Semwal Date: Fri, 12 Mar 2021 10:15:49 +0530 Subject: [PATCH] encoder: fix invalid free of raw buffers Return current input buffer as buffer to be freed in case of errors that are seen before picking up the input buffer to be from the input queue. Once a buffer is picked up from the queue, that is returned as the buffer to be freed. There is no need to return a buffer from ps_proc context Bug: 180643802 Test: poc in the bug description Test: atest CtsMediaV2TestCases:CodecEncoderTest Test: atest VtsHalMediaC2V1_0TargetVideoEncTest Change-Id: I1671ca1e82f522004d1f070df89b256b856f75b8 --- encoder/ih264e_encode.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/encoder/ih264e_encode.c b/encoder/ih264e_encode.c index 9210b3e..6a4e3a2 100644 --- a/encoder/ih264e_encode.c +++ b/encoder/ih264e_encode.c @@ -228,6 +228,9 @@ WORD32 ih264e_encode(iv_obj_t *ps_codec_obj, void *pv_api_ip, void *pv_api_op) ps_video_encode_op->s_ive_op.output_present = 0; ps_video_encode_op->s_ive_op.dump_recon = 0; ps_video_encode_op->s_ive_op.u4_encoded_frame_type = IV_NA_FRAME; + /* By default set the current input buffer as the buffer to be freed */ + /* This will later be updated to the actual input that gets encoded */ + ps_video_encode_op->s_ive_op.s_inp_buf = ps_video_encode_ip->s_ive_ip.s_inp_buf; /* Check for output memory allocation size */ if (ps_video_encode_ip->s_ive_ip.s_out_buf.u4_bufsize < MIN_STREAM_SIZE) @@ -474,6 +477,9 @@ WORD32 ih264e_encode(iv_obj_t *ps_codec_obj, void *pv_api_ip, void *pv_api_op) s_out_buf.u4_is_last = s_inp_buf.u4_is_last; ps_video_encode_op->s_ive_op.u4_is_last = s_inp_buf.u4_is_last; + /* Send the input to application so that it can free it */ + ps_video_encode_op->s_ive_op.s_inp_buf = s_inp_buf.s_raw_buf; + /* Only encode if the current frame is not pre-encode skip */ if (!i4_rc_pre_enc_skip && s_inp_buf.s_raw_buf.apv_bufs[0]) { @@ -774,12 +780,6 @@ WORD32 ih264e_encode(iv_obj_t *ps_codec_obj, void *pv_api_ip, void *pv_api_op) } else { - /* proc ctxt base idx */ - WORD32 proc_ctxt_select = ctxt_sel * MAX_PROCESS_THREADS; - - /* proc ctxt */ - process_ctxt_t *ps_proc = &ps_codec->as_process[proc_ctxt_select]; - /* receive output back from codec */ s_out_buf = ps_codec->as_out_buf[ctxt_sel]; @@ -790,18 +790,11 @@ WORD32 ih264e_encode(iv_obj_t *ps_codec_obj, void *pv_api_ip, void *pv_api_op) ps_video_encode_op->s_ive_op.u4_timestamp_low = 0; ps_video_encode_op->s_ive_op.u4_timestamp_high = 0; - /* receive input back from codec and send it to app */ - s_inp_buf = ps_proc->s_inp_buf; - ps_video_encode_op->s_ive_op.s_inp_buf = s_inp_buf.s_raw_buf; - ps_video_encode_op->s_ive_op.u4_encoded_frame_type = IV_NA_FRAME; } - /* Send the input to encoder so that it can free it if possible */ ps_video_encode_op->s_ive_op.s_out_buf = s_out_buf.s_bits_buf; - ps_video_encode_op->s_ive_op.s_inp_buf = s_inp_buf.s_raw_buf; - if (1 == s_inp_buf.u4_is_last) {