From patchwork Thu Feb 11 21:58:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul B Mahol X-Patchwork-Id: 25588 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id D5ABD44AF45 for ; Fri, 12 Feb 2021 00:03:58 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A555568AB82; Fri, 12 Feb 2021 00:03:58 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com [209.85.208.180]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5C3D768A2CA for ; Fri, 12 Feb 2021 00:03:52 +0200 (EET) Received: by mail-lj1-f180.google.com with SMTP id a17so9274690ljq.2 for ; Thu, 11 Feb 2021 14:03:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id; bh=BKEI8Qi5QQfKj+2SPlJzHcbbG0bVpJS4B2g68LVQSS4=; b=rZ6sEWS/wpNTQ9zswJklLsQ0IJc/jF7Ge8l5fmB/pFaivhj2H6+jnaxAtD32nKWxA/ TdZ/kplBx0mV9Y+P9+zKUzxGjL4qx5VaAc6J3NmVI8LVhYJGlsvZ+Qy3RUBQ7To5tj/t 46Knrp3o05jAtpwrsJsXIo2Y3pusY3YUWfOp1pvlsQB+KPboU890GtaRyyRK7ouYicdX f6r8tKyIZJJMRAGytnWJYEXvrwRRAinqjKLeTbnTloOZOwQ+/frQHqvwqvq4iZqy9ffb tRcHL2bglm/Nv5PxEJCxo3y6DGlNlvuWzMbh8ziWuQMKwS5WgPepVy5EieS0VyZFuc8f fzew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=BKEI8Qi5QQfKj+2SPlJzHcbbG0bVpJS4B2g68LVQSS4=; b=WLs5T1SOODZ5kIJUbFM7+kriR295bl6b9I68uJuNvwU/Zzreq4xvi3Y3adWoamoe8b glOKw0U0dVN5KbBXglZndBreo0JpfFwkBzqZZ3XhIAiFl0SoBMf8GmtGtY1mIMACDl0Y 9YWqm4LdRQOYOEj19lVj120+TqRcSNkB7ynM2JPDPUo8J7FYmmUmJ8AeTDLv6Rc/qh5Q 6IvnqpRu7+aow58O0cTpTBK9DtjhqrttUv0UUPEjS9kxFc0LoS6n1ktP6MTlflUZjtN/ +/91mE0lkDczeVg+tOYqACpbmV79+gE/2T6iLlPVyb8drferx6IDLG/mdn286msa20zQ Zn6g== X-Gm-Message-State: AOAM533A2BBx8VBzV2zAOCsN57YluOfwoPr67bxMqsvYGSQ9anjjJuHC WGOd3bnq41SbzPm/sG5Od6L6aIOciJw3IQ== X-Google-Smtp-Source: ABdhPJwDhJuwNJTZx/CvJ9FQ+GKze1RyqcscO/Xywdyh/XIgW9PCr0WJ5LyzNc8pSIY0KqUkTf+RiA== X-Received: by 2002:a17:906:b09a:: with SMTP id x26mr10684297ejy.199.1613080723063; Thu, 11 Feb 2021 13:58:43 -0800 (PST) Received: from localhost.localdomain ([212.15.167.195]) by smtp.gmail.com with ESMTPSA id t11sm4875252edd.1.2021.02.11.13.58.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Feb 2021 13:58:42 -0800 (PST) From: Paul B Mahol To: ffmpeg-devel@ffmpeg.org Date: Thu, 11 Feb 2021 22:58:33 +0100 Message-Id: <20210211215833.3133-1-onemda@gmail.com> X-Mailer: git-send-email 2.17.1 Subject: [FFmpeg-devel] [PATCH] avcodec/pngdec: fix possible race condition with APNG decoding X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Fixes #9017 Signed-off-by: Paul B Mahol --- libavcodec/pngdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 395b86bbe7..61642b7cbe 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -711,13 +711,13 @@ static int decode_idat_chunk(AVCodecContext *avctx, PNGDecContext *s, s->bpp += byte_depth; } - if ((ret = ff_thread_get_buffer(avctx, &s->picture, AV_GET_BUFFER_FLAG_REF)) < 0) - return ret; if (avctx->codec_id == AV_CODEC_ID_APNG && s->last_dispose_op != APNG_DISPOSE_OP_PREVIOUS) { ff_thread_release_buffer(avctx, &s->previous_picture); if ((ret = ff_thread_get_buffer(avctx, &s->previous_picture, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; } + if ((ret = ff_thread_get_buffer(avctx, &s->picture, AV_GET_BUFFER_FLAG_REF)) < 0) + return ret; p->pict_type = AV_PICTURE_TYPE_I; p->key_frame = 1; p->interlaced_frame = !!s->interlace_type;