[FFmpeg-devel] [PATCH] avcodec/pngdec: fix possible race condition with APNG decoding
Paul B Mahol
onemda at gmail.com
Sun Feb 14 12:41:20 EET 2021
On Sun, Feb 14, 2021 at 11:21 AM Anton Khirnov <anton at khirnov.net> wrote:
> Quoting Paul B Mahol (2021-02-11 22:58:33)
> > Fixes #9017
> >
> > Signed-off-by: Paul B Mahol <onemda at gmail.com>
> > ---
> > libavcodec/pngdec.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
> > index 395b86bbe7..61642b7cbe 100644
> > --- a/libavcodec/pngdec.c
> > +++ b/libavcodec/pngdec.c
> > @@ -711,13 +711,13 @@ static int decode_idat_chunk(AVCodecContext
> *avctx, PNGDecContext *s,
> > s->bpp += byte_depth;
> > }
> >
> > - if ((ret = ff_thread_get_buffer(avctx, &s->picture,
> AV_GET_BUFFER_FLAG_REF)) < 0)
> > - return ret;
> > if (avctx->codec_id == AV_CODEC_ID_APNG && s->last_dispose_op
> != APNG_DISPOSE_OP_PREVIOUS) {
> > ff_thread_release_buffer(avctx, &s->previous_picture);
> > if ((ret = ff_thread_get_buffer(avctx,
> &s->previous_picture, AV_GET_BUFFER_FLAG_REF)) < 0)
> > return ret;
> > }
> > + if ((ret = ff_thread_get_buffer(avctx, &s->picture,
> AV_GET_BUFFER_FLAG_REF)) < 0)
> > + return ret;
> > p->pict_type = AV_PICTURE_TYPE_I;
> > p->key_frame = 1;
> > p->interlaced_frame = !!s->interlace_type;
> > --
> > 2.17.1
>
> It's pretty non-obvious what the race is and how is it fixed by
> reordering the calls.
>
Before patch hash of decoded output would differ with single threading and
multiple threads.
Now it does not.
>
> --
> Anton Khirnov
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-devel
mailing list