copy dynamically allocated error messages in plugins to decoder context to avoid dangling pointer

farindk · farindk · commit 5fe3a6d43f2f · 2025-05-05T13:17:24.000+02:00
diff --git a/libheif/plugins/decoder_aom.cc b/libheif/plugins/decoder_aom.cc
@@ -37,6 +37,7 @@ struct aom_decoder
   aom_codec_iface_t* iface;
 
   bool strict_decoding = false;
+  std::string error_message;
 };
 
 static const char kSuccess[] = "Success";
@@ -255,6 +256,10 @@ struct heif_error aom_decode_image(void* decoder_raw, struct heif_image** out_im
 
     err = heif_image_add_plane(heif_img, channel2plane[c], w, h, bpp);
     if (err.code != heif_error_Ok) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
       heif_image_release(heif_img);
       return err;
     }
diff --git a/libheif/plugins/decoder_dav1d.cc b/libheif/plugins/decoder_dav1d.cc
@@ -39,6 +39,7 @@ struct dav1d_decoder
   Dav1dContext* context;
   Dav1dData data;
   bool strict_decoding = false;
+  std::string error_message;
 };
 
 static const char kEmptyString[] = "";
@@ -275,6 +276,10 @@ struct heif_error dav1d_decode_image(void* decoder_raw, struct heif_image** out_
 
     err = heif_image_add_plane(heif_img, channel2plane[c], w, h, bpp);
     if (err.code != heif_error_Ok) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
       heif_image_release(heif_img);
       return err;
     }
diff --git a/libheif/plugins/decoder_ffmpeg.cc b/libheif/plugins/decoder_ffmpeg.cc
@@ -41,6 +41,7 @@ struct ffmpeg_decoder
 {
     NalMap nalMap;
     bool strict_decoding = false;
+    std::string error_message;
 };
 
 static const int FFMPEG_DECODER_PLUGIN_PRIORITY = 90;
@@ -217,7 +218,7 @@ static int get_ffmpeg_format_bpp(enum AVPixelFormat pix_fmt)
   }
 }
 
-static struct heif_error hevc_decode(AVCodecContext* hevc_dec_ctx, AVFrame* hevc_frame, AVPacket* hevc_pkt, struct heif_image** image)
+static struct heif_error hevc_decode(ffmpeg_decoder* decoder, AVCodecContext* hevc_dec_ctx, AVFrame* hevc_frame, AVPacket* hevc_pkt, struct heif_image** image)
 {
     int ret;
 
@@ -288,6 +289,10 @@ static struct heif_error hevc_decode(AVCodecContext* hevc_dec_ctx, AVFrame* hevc
 
             err = heif_image_add_plane(*image, channel2plane[channel], w, h, bpp);
             if (err.code) {
+              // copy error message to decoder object because heif_image will be released
+              decoder->error_message = err.message;
+              err.message = decoder->error_message.c_str();
+
                 heif_image_release(*image);
                 return err;
             }
@@ -475,7 +480,7 @@ static struct heif_error ffmpeg_v1_decode_image(void* decoder_raw,
 
       if (hevc_pkt->size)
       {
-	err = hevc_decode(hevc_codecContext, hevc_frame, hevc_pkt, out_img);
+	err = hevc_decode(decoder, hevc_codecContext, hevc_frame, hevc_pkt, out_img);
 	if (err.code != heif_error_Ok)
 	  goto errexit;
       }
diff --git a/libheif/plugins/decoder_jpeg.cc b/libheif/plugins/decoder_jpeg.cc
@@ -36,6 +36,7 @@ extern "C" {
 struct jpeg_decoder
 {
   std::vector<uint8_t> data;
+  std::string error_message;
 };
 
 static const char kSuccess[] = "Success";
@@ -222,7 +223,15 @@ struct heif_error jpeg_decode_image(void* decoder_raw, struct heif_image** out_i
       return err;
     }
 
-    heif_image_add_plane(heif_img, heif_channel_Y, cinfo.output_width, cinfo.output_height, 8);
+    err = heif_image_add_plane(heif_img, heif_channel_Y, cinfo.output_width, cinfo.output_height, 8);
+    if (err.code) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
+      heif_image_release(heif_img);
+      return err;
+    }
 
     size_t y_stride;
     uint8_t* py = heif_image_get_plane2(heif_img, heif_channel_Y, &y_stride);
@@ -262,14 +271,26 @@ struct heif_error jpeg_decode_image(void* decoder_raw, struct heif_image** out_i
 
     err = heif_image_add_plane(heif_img, heif_channel_Y, cinfo.output_width, cinfo.output_height, 8);
     if (err.code) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
       return err;
     }
     err = heif_image_add_plane(heif_img, heif_channel_Cb, (cinfo.output_width + 1) / 2, (cinfo.output_height + 1) / 2, 8);
     if (err.code) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
       return err;
     }
     err = heif_image_add_plane(heif_img, heif_channel_Cr, (cinfo.output_width + 1) / 2, (cinfo.output_height + 1) / 2, 8);
     if (err.code) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
       return err;
     }
 
diff --git a/libheif/plugins/decoder_libde265.cc b/libheif/plugins/decoder_libde265.cc
@@ -35,6 +35,7 @@ struct libde265_decoder
 {
   de265_decoder_context* ctx;
   bool strict_decoding = false;
+  std::string error_message;
 };
 
 static const char kEmptyString[] = "";
@@ -138,6 +139,10 @@ static struct heif_error convert_libde265_image_to_heif_image(struct libde265_de
 
     err = heif_image_add_plane(*image, channel2plane[c], w,h, bpp);
     if (err.code) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
       heif_image_release(*image);
       return err;
     }
diff --git a/libheif/plugins/decoder_openh264.cc b/libheif/plugins/decoder_openh264.cc
@@ -33,6 +33,7 @@
 struct openh264_decoder
 {
   std::vector<uint8_t> data;
+  std::string error_message;
 };
 
 static const char kSuccess[] = "Success";
@@ -263,9 +264,35 @@ struct heif_error openh264_decode_image(void* decoder_raw, struct heif_image** o
 
     *out_img = heif_img;
 
-    heif_image_add_plane(heif_img, heif_channel_Y, width, height, 8);
-    heif_image_add_plane(heif_img, heif_channel_Cb, cwidth, cheight, 8);
-    heif_image_add_plane(heif_img, heif_channel_Cr, cwidth, cheight, 8);
+    err = heif_image_add_plane(heif_img, heif_channel_Y, width, height, 8);
+    if (err.code != heif_error_Ok) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
+      heif_image_release(heif_img);
+      return err;
+    }
+
+    err = heif_image_add_plane(heif_img, heif_channel_Cb, cwidth, cheight, 8);
+    if (err.code != heif_error_Ok) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
+      heif_image_release(heif_img);
+      return err;
+    }
+
+    err = heif_image_add_plane(heif_img, heif_channel_Cr, cwidth, cheight, 8);
+    if (err.code != heif_error_Ok) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
+      heif_image_release(heif_img);
+      return err;
+    }
 
     size_t y_stride;
     size_t cb_stride;
diff --git a/libheif/plugins/decoder_openjpeg.cc b/libheif/plugins/decoder_openjpeg.cc
@@ -28,6 +28,7 @@
 #include <vector>
 #include <cassert>
 #include <memory>
+#include <err.h>
 
 static const int OPENJPEG_PLUGIN_PRIORITY = 100;
 static const int OPENJPEG_PLUGIN_PRIORITY_HTJ2K = 90;
@@ -36,6 +37,7 @@ struct openjpeg_decoder
 {
   std::vector<uint8_t> encoded_data;
   size_t read_position = 0;
+  std::string error_message;
 };
 
 
@@ -368,6 +370,15 @@ struct heif_error openjpeg_decode_image(void* decoder_raw, struct heif_image** o
     int cheight = opj_comp.h;
 
     error = heif_image_add_plane(*out_img, channels[c], cwidth, cheight, bit_depth);
+    if (error.code) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = error.message;
+      error.message = decoder->error_message.c_str();
+
+      heif_image_release(*out_img);
+      *out_img = nullptr;
+      return error;
+    }
 
     size_t stride = 0;
     uint8_t* p = heif_image_get_plane2(*out_img, channels[c], &stride);
diff --git a/libheif/plugins/decoder_vvdec.cc b/libheif/plugins/decoder_vvdec.cc
@@ -42,6 +42,7 @@ struct vvdec_decoder
   bool strict_decoding = false;
 
   std::vector<std::vector<uint8_t>> nalus;
+  std::string error_message;
 };
 
 static const char kSuccess[] = "Success";
@@ -298,6 +299,10 @@ struct heif_error vvdec_decode_image(void* decoder_raw, struct heif_image** out_
 
     err = heif_image_add_plane(heif_img, channel2plane[c], w, h, bpp);
     if (err.code != heif_error_Ok) {
+      // copy error message to decoder object because heif_image will be released
+      decoder->error_message = err.message;
+      err.message = decoder->error_message.c_str();
+
       heif_image_release(heif_img);
       return err;
     }

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,7 @@ struct ffmpeg_decoder`
`41`	`41`	`{`
`42`	`42`	`NalMap nalMap;`
`43`	`43`	`bool strict_decoding = false;`
	`44`	`+ std::string error_message;`
`44`	`45`	`};`
`45`	`46`
`46`	`47`	`static const int FFMPEG_DECODER_PLUGIN_PRIORITY = 90;`
`@@ -217,7 +218,7 @@ static int get_ffmpeg_format_bpp(enum AVPixelFormat pix_fmt)`
`217`	`218`	`}`
`218`	`219`	`}`
`219`	`220`
`220`		`-static struct heif_error hevc_decode(AVCodecContext* hevc_dec_ctx, AVFrame* hevc_frame, AVPacket* hevc_pkt, struct heif_image** image)`
	`221`	`+static struct heif_error hevc_decode(ffmpeg_decoder* decoder, AVCodecContext* hevc_dec_ctx, AVFrame* hevc_frame, AVPacket* hevc_pkt, struct heif_image** image)`
`221`	`222`	`{`
`222`	`223`	`int ret;`
`223`	`224`
`@@ -288,6 +289,10 @@ static struct heif_error hevc_decode(AVCodecContext* hevc_dec_ctx, AVFrame* hevc`
`288`	`289`
`289`	`290`	`err = heif_image_add_plane(*image, channel2plane[channel], w, h, bpp);`
`290`	`291`	`if (err.code) {`
	`292`	`+ // copy error message to decoder object because heif_image will be released`
	`293`	`+ decoder->error_message = err.message;`
	`294`	`+ err.message = decoder->error_message.c_str();`
	`295`	`+`
`291`	`296`	`heif_image_release(*image);`
`292`	`297`	`return err;`
`293`	`298`	`}`
`@@ -475,7 +480,7 @@ static struct heif_error ffmpeg_v1_decode_image(void* decoder_raw,`
`475`	`480`
`476`	`481`	`if (hevc_pkt->size)`
`477`	`482`	`{`
`478`		`- err = hevc_decode(hevc_codecContext, hevc_frame, hevc_pkt, out_img);`
	`483`	`+ err = hevc_decode(decoder, hevc_codecContext, hevc_frame, hevc_pkt, out_img);`
`479`	`484`	`if (err.code != heif_error_Ok)`
`480`	`485`	`goto errexit;`
`481`	`486`	`}`