
codecs: h265: Do not free slice header before using it

The v4l2codecs H.265 decoder uses the GstH265SliceHdr::entry_point_offset_minus1 array, so make sure that it is not freed before decoding the frame.

Before this patch, some H.265 input would segfault in gst_v4l2_codec_h265_dec_fill_slice_params() when executing the line:

guint32 entry_point_offset = slice_hdr->entry_point_offset_minus1[i] + 1;

I'm not confident that this is the right fix as this may leak memory or may be a bug in v4l2codecs instead.

Here are my steps to reproduce:

$ docker run -it -v $GSTREAMER_SRC_PATH:$GSTREAMER_SRC_PATH --device /dev/kvm registry.freedesktop.org/detlev.c/gstreamer/amd64/fedora:2023-09-28.1-f34tlbx-v4l2sl-tests-main /bin/bash

In docker:

# cd $GSTREAMER_SRC_PATH
# meson setup --default-library=static -Dgstreamer:gst_debug=false -Dgstreamer:gst_debug=true -Dauto_features=disabled -Dgstreamer:check=enabled -Ddoc=disabled -Dtests=enabled -Dtools=enabled -Dbase=enabled -Dbad=enabled -Dugly=disabled -Dlibav=disabled -Drtsp_server=disabled -Dges=disabled -Dgst-plugins-bad:v4l2codecs=enabled -Dgst-plugins-bad:videoparsers=enabled -Dgst-plugins-bad:ivfparse=enabled -Dgst-plugins-base:app=enabled -Dgst-plugins-base:videoconvertscale=enabled --native-file ./ci/meson/gst-werror.ini -Dgst-plugins-base:parsebin=enabled -Dgst-plugins-good:matroska=enabled -Dgst-plugins-base:typefind=enabled build
# meson compile -C build
# wget https://www.itu.int/wftp3/av-arch/jctvc-site/bitstream_exchange/draft_conformance/HEVC_v1/CAINIT_E_SHARP_3.zip
# unzip CAINIT_E_SHARP_3.zip
# virtme-run --memory=1024M --rw --pwd --kimg /opt/linux/bzImage --qemu-opts -cpu host,pdcm=off -smp 2

In virtme:

# meson devenv -C build gst-launch-1.0 --no-fault filesrc location=$(pwd)/CAINIT_E_SHARP_3.bit ! h265parse ! v4l2slh265dec ! video/x-raw ! videoconvert dither=none ! video/x-raw,format=I420 ! filesink location=/dev/null
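
The lifetime problem described at the top of this merge request, as an added example that is not GStreamer code and not this merge request's change: a decoder that needs the entry point offsets after the parser has released its slice header keeps its own deep copy and frees it only after the frame is filled. `SliceHdr` and all function names are hypothetical and the offset values are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of a parsed slice header: the offsets array is heap-owned. */
typedef struct {
    uint32_t num_entry_point_offsets;
    uint32_t *entry_point_offset_minus1;
} SliceHdr;

/* Parser side: allocate and fill the array for n entry points. */
static int slice_hdr_parse(SliceHdr *h, const uint32_t *vals, uint32_t n) {
    *h = (SliceHdr){ 0, n ? malloc(n * sizeof *vals) : NULL };
    if (n && !h->entry_point_offset_minus1) return -1;
    if (n) memcpy(h->entry_point_offset_minus1, vals, n * sizeof *vals);
    h->num_entry_point_offsets = n;
    return 0;
}

/* Release the array and reset count and pointer together. */
static void slice_hdr_clear(SliceHdr *h) {
    free(h->entry_point_offset_minus1);
    *h = (SliceHdr){ 0, NULL };
}

/* Deep copy: the decoder owns an array independent of the parser's. */
static int slice_hdr_copy(SliceHdr *dst, const SliceHdr *src) {
    return slice_hdr_parse(dst, src->entry_point_offset_minus1, src->num_entry_point_offsets);
}

/* Decoder side: same loop shape as the crashing line, with the count checked first. */
static int fill_entry_points(const SliceHdr *h, uint32_t *out, uint32_t cap) {
    uint32_t n = h->num_entry_point_offsets;
    if (n > cap || (n && !h->entry_point_offset_minus1)) return -1;
    for (uint32_t i = 0; i < n; i++)
        out[i] = h->entry_point_offset_minus1[i] + 1;
    return (int)n;
}

/* Parse, retain a deep copy, let the parser free its header, then decode. */
int decode_after_parser_free(uint32_t *out, uint32_t cap) {
    const uint32_t vals[] = { 99, 199, 49 };   /* constructed sample offsets */
    SliceHdr parsed, retained;
    if (slice_hdr_parse(&parsed, vals, 3)) return -1;
    int rc = slice_hdr_copy(&retained, &parsed);
    slice_hdr_clear(&parsed);                  /* parser drops its header early */
    if (rc == 0) rc = fill_entry_points(&retained, out, cap);
    slice_hdr_clear(&retained);                /* freed only after the last use */
    return rc;
}
int main(void) { uint32_t o[3]; return decode_after_parser_free(o, 3) == 3 ? 0 : 1; }
```

A shallow struct copy in place of `slice_hdr_copy()` would leave `retained` pointing at memory the parser has already freed, which is the condition the crash above reflects.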
