cbs: Don't set AVBuffer's opaque

cbs is currently inconsistent regarding the opaque field that can be
used as a special argument to av_buffer_create in order to be used
during freeing the buffer: ff_cbs_alloc_unit_content and all the free
functions used name this parameter as if it should contain a pointer to
the unit whose content is about to be created; but both
ff_cbs_alloc_unit_content as well as ff_cbs_h264_add_sei_message
actually use a pointer to the CodedBitstreamContext as opaque. It should
actually be neither, because it is unneeded (as is evidenced by the fact
that none of the free functions use this pointer at all) and because it
ties the unit's content to the lifetime of other objects, although a
refcounted buffer is supposed to have its own lifetime that only ends
when its reference count reaches zero. This problem manifests itself in
the pointer becoming dangling.
The pointer to the unit can become dangling if another unit is added to
the fragment later as happens in the bitstream filters; in this case,
the pointer can point to the wrong unit (if the fragment's unit array
needn't be relocated) or it can point to where the array was earlier.
It can also become dangling if the unit's content is meant to survive
the resetting of the fragment it was originally read with. This applies
to the extradata of H.264 and HEVC.
The pointer to the context can become dangling if the context is closed
before the content is freed. Although this doesn't seem to happen right
now, it could happen, in particular if one uses different
CodedBitstreamContexts for in- and output.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

diff --git a/libavcodec/cbs.c b/libavcodec/cbs.c
index 235041650175a4b9a959680a819b0c0e8ebd21aa..1a43cd2694653763585864265523c71bbbcbea11 100644 (file)
--- a/libavcodec/cbs.c
+++ b/libavcodec/cbs.c
@@ -597,7 +597,7 @@ int ff_cbs_alloc_unit_content(CodedBitstreamContext *ctx,
         return AVERROR(ENOMEM);
 
     unit->content_ref = av_buffer_create(unit->content, size,
-                                         free, ctx, 0);
+                                         free, NULL, 0);
     if (!unit->content_ref) {
         av_freep(&unit->content);
         return AVERROR(ENOMEM);

diff --git a/libavcodec/cbs.h b/libavcodec/cbs.h
index fe57e7b2a57bee7432e1704ced5a423066a7af20..7c341bffe77f22dd8febd8ef2598e00bdf86470c 100644 (file)
--- a/libavcodec/cbs.h
+++ b/libavcodec/cbs.h
@@ -341,7 +341,7 @@ void ff_cbs_fragment_free(CodedBitstreamContext *ctx,
 int ff_cbs_alloc_unit_content(CodedBitstreamContext *ctx,
                               CodedBitstreamUnit *unit,
                               size_t size,
-                              void (*free)(void *unit, uint8_t *content));
+                              void (*free)(void *opaque, uint8_t *content));
 
 /**
  * Allocate a new internal data buffer of the given size in the unit.

diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c
index 288ef8e14b5c86c5276376d6024e26d4c4208701..98cd37ef74963dfb82e0cc749bfb7d728c55b70a 100644 (file)
--- a/libavcodec/cbs_av1.c
+++ b/libavcodec/cbs_av1.c
@@ -829,7 +829,7 @@ static void cbs_av1_free_metadata(AV1RawMetadata *md)
     }
 }
 
-static void cbs_av1_free_obu(void *unit, uint8_t *content)
+static void cbs_av1_free_obu(void *opaque, uint8_t *content)
 {
     AV1RawOBU *obu = (AV1RawOBU*)content;
 

diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c
index 0f697434e523ac6c0d07392e3683f75032826a8c..1c35be51e7c3ae756018aed4b5d75d221d477d4c 100644 (file)
--- a/libavcodec/cbs_h2645.c
+++ b/libavcodec/cbs_h2645.c
@@ -443,7 +443,7 @@ static int cbs_h2645_read_more_rbsp_data(GetBitContext *gbc)
 #undef allocate
 
 
-static void cbs_h264_free_pps(void *unit, uint8_t *content)
+static void cbs_h264_free_pps(void *opaque, uint8_t *content)
 {
     H264RawPPS *pps = (H264RawPPS*)content;
     av_buffer_unref(&pps->slice_group_id_ref);
@@ -473,7 +473,7 @@ static void cbs_h264_free_sei_payload(H264RawSEIPayload *payload)
     }
 }
 
-static void cbs_h264_free_sei(void *unit, uint8_t *content)
+static void cbs_h264_free_sei(void *opaque, uint8_t *content)
 {
     H264RawSEI *sei = (H264RawSEI*)content;
     int i;
@@ -482,35 +482,35 @@ static void cbs_h264_free_sei(void *unit, uint8_t *content)
     av_freep(&content);
 }
 
-static void cbs_h264_free_slice(void *unit, uint8_t *content)
+static void cbs_h264_free_slice(void *opaque, uint8_t *content)
 {
     H264RawSlice *slice = (H264RawSlice*)content;
     av_buffer_unref(&slice->data_ref);
     av_freep(&content);
 }
 
-static void cbs_h265_free_vps(void *unit, uint8_t *content)
+static void cbs_h265_free_vps(void *opaque, uint8_t *content)
 {
     H265RawVPS *vps = (H265RawVPS*)content;
     av_buffer_unref(&vps->extension_data.data_ref);
     av_freep(&content);
 }
 
-static void cbs_h265_free_sps(void *unit, uint8_t *content)
+static void cbs_h265_free_sps(void *opaque, uint8_t *content)
 {
     H265RawSPS *sps = (H265RawSPS*)content;
     av_buffer_unref(&sps->extension_data.data_ref);
     av_freep(&content);
 }
 
-static void cbs_h265_free_pps(void *unit, uint8_t *content)
+static void cbs_h265_free_pps(void *opaque, uint8_t *content)
 {
     H265RawPPS *pps = (H265RawPPS*)content;
     av_buffer_unref(&pps->extension_data.data_ref);
     av_freep(&content);
 }
 
-static void cbs_h265_free_slice(void *unit, uint8_t *content)
+static void cbs_h265_free_slice(void *opaque, uint8_t *content)
 {
     H265RawSlice *slice = (H265RawSlice*)content;
     av_buffer_unref(&slice->data_ref);
@@ -545,7 +545,7 @@ static void cbs_h265_free_sei_payload(H265RawSEIPayload *payload)
     }
 }
 
-static void cbs_h265_free_sei(void *unit, uint8_t *content)
+static void cbs_h265_free_sei(void *opaque, uint8_t *content)
 {
     H265RawSEI *sei = (H265RawSEI*)content;
     int i;
@@ -1615,7 +1615,7 @@ int ff_cbs_h264_add_sei_message(CodedBitstreamContext *ctx,
         sei->nal_unit_header.nal_ref_idc   = 0;
 
         sei_ref = av_buffer_create((uint8_t*)sei, sizeof(*sei),
-                                   &cbs_h264_free_sei, ctx, 0);
+                                   &cbs_h264_free_sei, NULL, 0);
         if (!sei_ref) {
             av_freep(&sei);
             return AVERROR(ENOMEM);

diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c
index c46abd0a459a432cd7b9be7c736607c1a8513447..a20f062f1be04d565ae1b140308a97dce8d99820 100644 (file)
--- a/libavcodec/cbs_jpeg.c
+++ b/libavcodec/cbs_jpeg.c
@@ -82,21 +82,21 @@
 #undef xu
 
 
-static void cbs_jpeg_free_application_data(void *unit, uint8_t *content)
+static void cbs_jpeg_free_application_data(void *opaque, uint8_t *content)
 {
     JPEGRawApplicationData *ad = (JPEGRawApplicationData*)content;
     av_buffer_unref(&ad->Ap_ref);
     av_freep(&content);
 }
 
-static void cbs_jpeg_free_comment(void *unit, uint8_t *content)
+static void cbs_jpeg_free_comment(void *opaque, uint8_t *content)
 {
     JPEGRawComment *comment = (JPEGRawComment*)content;
     av_buffer_unref(&comment->Cm_ref);
     av_freep(&content);
 }
 
-static void cbs_jpeg_free_scan(void *unit, uint8_t *content)
+static void cbs_jpeg_free_scan(void *opaque, uint8_t *content)
 {
     JPEGRawScan *scan = (JPEGRawScan*)content;
     av_buffer_unref(&scan->data_ref);

diff --git a/libavcodec/cbs_mpeg2.c b/libavcodec/cbs_mpeg2.c
index 516b728a64363725278062610e0fe7002162022b..3e6797bd42502816be25666a4d11b3c3d1586510 100644 (file)
--- a/libavcodec/cbs_mpeg2.c
+++ b/libavcodec/cbs_mpeg2.c
@@ -140,21 +140,21 @@
 #undef infer
 
 
-static void cbs_mpeg2_free_picture_header(void *unit, uint8_t *content)
+static void cbs_mpeg2_free_picture_header(void *opaque, uint8_t *content)
 {
     MPEG2RawPictureHeader *picture = (MPEG2RawPictureHeader*)content;
     av_buffer_unref(&picture->extra_information_picture.extra_information_ref);
     av_freep(&content);
 }
 
-static void cbs_mpeg2_free_user_data(void *unit, uint8_t *content)
+static void cbs_mpeg2_free_user_data(void *opaque, uint8_t *content)
 {
     MPEG2RawUserData *user = (MPEG2RawUserData*)content;
     av_buffer_unref(&user->user_data_ref);
     av_freep(&content);
 }
 
-static void cbs_mpeg2_free_slice(void *unit, uint8_t *content)
+static void cbs_mpeg2_free_slice(void *opaque, uint8_t *content)
 {
     MPEG2RawSlice *slice = (MPEG2RawSlice*)content;
     av_buffer_unref(&slice->header.extra_information_slice.extra_information_ref);

diff --git a/libavcodec/cbs_vp9.c b/libavcodec/cbs_vp9.c
index 7102bb87d31126539e81672d1bc3397de8fc401a..bd172100fcdbf4a0ab0021d0f9d508f75e3152e3 100644 (file)
--- a/libavcodec/cbs_vp9.c
+++ b/libavcodec/cbs_vp9.c
@@ -474,7 +474,7 @@ static int cbs_vp9_split_fragment(CodedBitstreamContext *ctx,
     return 0;
 }
 
-static void cbs_vp9_free_frame(void *unit, uint8_t *content)
+static void cbs_vp9_free_frame(void *opaque, uint8_t *content)
 {
     VP9RawFrame *frame = (VP9RawFrame*)content;
     av_buffer_unref(&frame->data_ref);