
[FFmpeg-devel,v2] avcodec/vp9: avoid using uninitialized mutex/condition

Message ID 20210902091910.13300-1-robux4@ycbcr.xyz
State New
Series [FFmpeg-devel,v2] avcodec/vp9: avoid using uninitialized mutex/condition

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Steve Lhomme Sept. 2, 2021, 9:19 a.m. UTC
When using slice decoding vp9_free_entries() is called before
vp9_alloc_entries() is ever called. It should destroy properly
initialized variables (or check it was never called before).

It usually works undetected as pthread implementations allow NULL as a
special value (and should return EINVAL but don't). But pthreadGC2
doesn't allow NULL in pthread_mutex_destroy() and crashes when that's
the case.
---
 libavcodec/vp9.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Steve Lhomme Sept. 2, 2021, 9:22 a.m. UTC | #1
v2: shorter commit lines and removed an extra space, now I realize it's 
the wrong one, the original being also wrong...

On 2021-09-02 11:19, Steve Lhomme wrote:
> When using slice decoding vp9_free_entries() is called before
> vp9_alloc_entries() is ever called. It should destroy properly
> initialized variables (or check it was never called before).
> 
> It usually works undetected as pthread implementations allows NULL as a
> special value (and should return EINVAL but doesn't). But pthreadGC2
> doesn't allow NULL in pthread_mutex_destroy() and crashes when that's
> the case.
> ---
>   libavcodec/vp9.c | 6 +++++-
>   1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
> index 874005a5ae..8a3d82da09 100644
> --- a/libavcodec/vp9.c
> +++ b/libavcodec/vp9.c
> @@ -42,7 +42,7 @@
>   static void vp9_free_entries(AVCodecContext *avctx) {
>       VP9Context *s = avctx->priv_data;
>   
> -    if (avctx->active_thread_type & FF_THREAD_SLICE)  {
> +    if (avctx->active_thread_type & FF_THREAD_SLICE) {
>           pthread_mutex_destroy(&s->progress_mutex);
>           pthread_cond_destroy(&s->progress_cond);
>           av_freep(&s->entries);
> @@ -1796,6 +1796,10 @@ static av_cold int vp9_decode_init(AVCodecContext *avctx)
>   
>       s->last_bpp = 0;
>       s->s.h.filter.sharpness = -1;
> +    if (avctx->active_thread_type & FF_THREAD_SLICE)  {
> +        pthread_mutex_init(&s->progress_mutex, NULL);
> +        pthread_cond_init(&s->progress_cond, NULL);
> +    }
>   
>       for (int i = 0; i < 3; i++) {
>           s->s.frames[i].tf.f = av_frame_alloc();
> -- 
> 2.29.2
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>

Patch

diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index 874005a5ae..8a3d82da09 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -42,7 +42,7 @@ 
 static void vp9_free_entries(AVCodecContext *avctx) {
     VP9Context *s = avctx->priv_data;
 
-    if (avctx->active_thread_type & FF_THREAD_SLICE)  {
+    if (avctx->active_thread_type & FF_THREAD_SLICE) {
         pthread_mutex_destroy(&s->progress_mutex);
         pthread_cond_destroy(&s->progress_cond);
         av_freep(&s->entries);
@@ -1796,6 +1796,10 @@  static av_cold int vp9_decode_init(AVCodecContext *avctx)
 
     s->last_bpp = 0;
     s->s.h.filter.sharpness = -1;
+    if (avctx->active_thread_type & FF_THREAD_SLICE)  {
+        pthread_mutex_init(&s->progress_mutex, NULL);
+        pthread_cond_init(&s->progress_cond, NULL);
+    }
 
     for (int i = 0; i < 3; i++) {
         s->s.frames[i].tf.f = av_frame_alloc();
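Review bot: The return values of `pthread_mutex_init()` and `pthread_cond_init()` in the added `FF_THREAD_SLICE` block are ignored, so if either call fails, vp9_free_entries() will still call the destroy functions on an object that was never initialized, which is the same condition the commit message describes as crashing on pthreadGC2. Consider checking each result, e.g. `ret = pthread_mutex_init(&s->progress_mutex, NULL); if (ret) return AVERROR(ret);`, and making sure the failure path does not reach the destroy calls. Separately, the diffstat shows no removal in vp9_alloc_entries() (not visible here); if that function still initializes these two objects, they would be initialized a second time without an intervening destroy, which POSIX leaves undefined, so that path is worth confirming. vp9_decode_init() begins and continues outside this hunk.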