[FFmpeg-devel] [PATCH] avcodec/pngdec: fix possible race condition with APNG decoding
Anton Khirnov
anton at khirnov.net
Sun Feb 14 12:20:58 EET 2021
Quoting Paul B Mahol (2021-02-11 22:58:33)
> Fixes #9017
>
> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> ---
> libavcodec/pngdec.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
> index 395b86bbe7..61642b7cbe 100644
> --- a/libavcodec/pngdec.c
> +++ b/libavcodec/pngdec.c
> @@ -711,13 +711,13 @@ static int decode_idat_chunk(AVCodecContext *avctx, PNGDecContext *s,
> s->bpp += byte_depth;
> }
>
> - if ((ret = ff_thread_get_buffer(avctx, &s->picture, AV_GET_BUFFER_FLAG_REF)) < 0)
> - return ret;
> if (avctx->codec_id == AV_CODEC_ID_APNG && s->last_dispose_op != APNG_DISPOSE_OP_PREVIOUS) {
> ff_thread_release_buffer(avctx, &s->previous_picture);
> if ((ret = ff_thread_get_buffer(avctx, &s->previous_picture, AV_GET_BUFFER_FLAG_REF)) < 0)
> return ret;
> }
> + if ((ret = ff_thread_get_buffer(avctx, &s->picture, AV_GET_BUFFER_FLAG_REF)) < 0)
> + return ret;
> p->pict_type = AV_PICTURE_TYPE_I;
> p->key_frame = 1;
> p->interlaced_frame = !!s->interlace_type;
> --
> 2.17.1
It's pretty non-obvious what the race is and how is it fixed by
reordering the calls.
--
Anton Khirnov
More information about the ffmpeg-devel
mailing list