From patchwork Sat Aug 13 15:03:04 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 37253 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:3d0d:b0:8d:a68e:8a0e with SMTP id y13csp391055pzi; Sat, 13 Aug 2022 08:03:50 -0700 (PDT) X-Google-Smtp-Source: AA6agR7uFvx+DSz+Yj4evMF0jwIPKBklKVQC/qC9bqWgrb1p8BuQCCOW0sqUrOxhoBpwsZ5CFLLC X-Received: by 2002:a17:907:2c68:b0:730:9272:8c7f with SMTP id ib8-20020a1709072c6800b0073092728c7fmr5811398ejc.528.1660403030323; Sat, 13 Aug 2022 08:03:50 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id f12-20020a1709062c4c00b007331498ad9bsi3377389ejh.540.2022.08.13.08.03.49; Sat, 13 Aug 2022 08:03:50 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@outlook.com header.s=selector1 header.b=SDI7WHno; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9787E68B939; Sat, 13 Aug 2022 18:03:32 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-oln040092068024.outbound.protection.outlook.com [40.92.68.24]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1E33768B825 for ; Sat, 13 Aug 2022 18:03:26 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=K+gKmMiDpdrvyUYY3X+PX6W5Ze9Nkx33yz+NUGYKqPteMX6amanx+xDYy1z5dwHpfyrbCOm5C+yd1FYB4zepQ5Do7NUcIsKs/WF0swKQnSm7GUL5xTKiCp0tH6XN+E4xuRwslXDZNJeDQnVjgwu2pFoIjO/fOMCs8TgDIYNbGxAH5N3Fa8jXA8p7zrZTRoM1MF5uzDTQQa2citCHP6NHmtKOZ/39tkK7EDG55lpgCBZf9bf60/Lo0XR9IN+uIfWZpWUe65UlKsTfSfxQo5HnW0CBM+mx4L66DMBr6q2YxzCL6VF3LT6pRBz/F/a28paPSiYpx/PDj5CCR4fFKo3PZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=WbL/b6TTm46odjScJ4FTBKf4v31f1ZcT7IdPT1OmNFw=; b=aTjNtW6ayrXsoeSpvYjNVWy9WaADD48sNergODWdD4CVusl4ami3VahNZ+BFYqeVUQYN5kpLlGKkktpUxtbGuJvc1qY5GVif3zUtiplDIIlsYhDVl3m5IgiwZHCrbOc3ZMhRFBUj/+Yi4cNWauY6GUPmr5N5r/U5a2MB1oFpKyGtW7RRkjkwrpzL+8dGEtr7gZyQboWKZR0zoI3+3Prfn6Oe0gBZV2hH8Fe/LTtkG9LVRdqf/EfKiYBzwHBhdETjkqhF8NpNGuBCfKNt8Z8XdePnmwiAcV0rC0lfUbydBR+P8W/mnc80xfdEKCjk7zIClvyDMbw8RiQ7DD2Ux5HqhA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WbL/b6TTm46odjScJ4FTBKf4v31f1ZcT7IdPT1OmNFw=; b=SDI7WHno1dzDnBz34jYZrBxWpqpDK3minneB/E9zkjZ78mg4Q4IuL4tl5iiUpCh/V4j0yaQEtrNjwEdXv8wo8OsIkqm35mTfOSyeMSR45UmSe3ZMMWY6/p5OB8Q5I3RdNwp+LwX87DWE6f5VL220ElcLFGh+YXzAu7l86BuN0Tgb3dzciSeJeX2NEj3vBk5EkY+98BxhWCCp4yODzdobiHAmQJ5UHvnNpV8OA0HUcimbVYHbpIuiXOnWSX7x3BhbtIl7qDRCugXbyq+LOs0/bzFW/Kw1S164R1GIj0tly/rhfT5QDZoUAiQCCJJCPm9Gegh41ySgZ2Fx94zoFXqwTg== Received: from DB6PR0101MB2214.eurprd01.prod.exchangelabs.com (2603:10a6:4:42::27) by AS1PR01MB9370.eurprd01.prod.exchangelabs.com (2603:10a6:20b:4d4::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5525.11; Sat, 13 Aug 2022 15:03:19 +0000 Received: from DB6PR0101MB2214.eurprd01.prod.exchangelabs.com ([fe80::210e:b627:bcc9:8c46]) by DB6PR0101MB2214.eurprd01.prod.exchangelabs.com ([fe80::210e:b627:bcc9:8c46%11]) with mapi id 15.20.5504.025; Sat, 13 Aug 2022 15:03:19 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sat, 13 Aug 2022 17:03:04 +0200 Message-ID: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: X-TMN: [NhwvnxAvmE+uzX0OG0fYppfuYaBLi/tE] X-ClientProxiedBy: AS9PR0301CA0034.eurprd03.prod.outlook.com (2603:10a6:20b:469::23) To DB6PR0101MB2214.eurprd01.prod.exchangelabs.com (2603:10a6:4:42::27) X-Microsoft-Original-Message-ID: <20220813150306.1116206-3-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c4562916-2f9b-4c43-d741-08da7d3cf515 X-MS-Exchange-SLBlob-MailProps: gjx25WM8ZNUVf4505pHrBAhYXFbRlVUGyJXY0X9N6vGUaWBfq1hKFmU/Mt/SaJtZ14DKKOuKPGVtLgF4ctXj1/2y4pGnMzCo15JNmhzhPar+D94awwo2e62Kx7gaesN4JhbQxwYOU4R95qE4qcAv6Ts/glIw6rcusnBY5DIE9Or/XNaGpX5wri4bjrPg3+UHg4hLAzsGSEouNhPMifkJmMLu4Ozdpb4pKEHJvrbgBrDUf+Huyn3Rg0btS4O7N5MjwMKTusP7ZxXuWycH8evmyngNaGgTa9BrMQMd9OQvVyICdPX7/SNRxhyYk91FcZCmElSU6LLWF+Z79Ise0yjJ8lszZGLI8jQ6hCinILFSmB940bsHT2HvPT9KuH42GW0tXwttobclnKd1BOF9XAgxyiUK9rFd9+xpkOwRS7FrAj9h9fWu/lNQeztRpWKRj8Ts/1i28rBwdGdQFJFgGR5ltIiEHTjnjJJPLQVSb6XXnpV/Q3S09r1lI15v0Zjji3NH3b+fKSZZfAG4KvjbhsrsCHTb/8nA1qJ8FPKFicRwOPUVT3T+MA7/HPaqcgBSS0FQwO9Dn14jZkd5UYBGBrNTSTBwC6oxQoq2ezgUX3UVAT6qL/KsHihrOnYEdVmrlH4MhrNCwJFfGOUAxpSSuX2KK2ys7TL0kbQR1yQ0PP77IAwS0On9L9M3sV33NvZjIrX9XsZtQ26KmgPgqrxaivNQkgLTV0kY33ssWEHQ0m44ijo= X-MS-TrafficTypeDiagnostic: AS1PR01MB9370:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lLxSg5HXx9IuQRN+/UV820c4CznxGVv6KJOyUkQArX0erFCloYhs03t9if0ap8CLkY3nKUsmmbg970LXOhGEHe2bE+0MheyT0bbVCg5XbUybat7O6NLeOgnvD/l4MqY93hqiqugt0nZlDUQ4gccC3YDjtj+igsQnbbuMdOvary5RBZCsJQZlNgmj4LoqRrX7B/xp04RxzOY0QfNMdPaKjCdnN3R2xWWrVkBQFLgP4dC2Pu8Cttk0p5PYcfiy0x7B/xa7JnOf1/1A+q31W9Mpj0jcdp6IC8uGwUhZrvih2wNHbOF9CWmZebIBoIXbiCdvk2z0TeiBleZ+eI+ZRueSTM/iq+LCm+PNkicpzNRiWnyZ2aicIIMhq2eFcgRB1P3qofOenrW4XZ0YcMWYm494DF04Vx/enSK2mG5jeqtY5twajutxfLxl//5edVL9azAuLF6HICLhYmJ8G1iwockERY47IgXH+bkwj5uS60r9mUMC5HMNndL16lnm3FNYHwpjVCjmWqV2b+POibjQnU3ZkJBDUReWsoGueuwC/buNuXPhotZNvRH8+Oc6Z9hShK+oCz1cHLYV4JShwSfmxFv4U+RVb5g0yKBKVRh0wNJ7Rg7+Nzwsvyoc4oNUVvQpYc8MEXkDxOZjBrclmqsqNyG0gw== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 03dqnHhAZYPacI7FReRIafMdRBcx1SWjW1FdIs10gltb7NkYwridyTAJCnH4MXcwHfpX69GOoUtHnl74ha0S+V8bvJ7OtrB+sjpZ7NXoFwXMKz408ZFq0De3CVRFOEY+dk0sNKVqbvAV5j12cLtAawz5LZlR7WzdYAbMWQbms7CkiyhXPpYV0WtPkoJJGcIDXGa0EIZxIPxMt8Il5ccsKwqqHzTpxBzLFbTj/7Qx5EJ8tac7YGhz+9ocasWVUKuaV82vReUbtQpfF0cIDHTk2nr/qjN/zePeF6uS4mTidaRYvPPfmsb4IPgT1ahpHvw/2ScRaFNycZsl68sG67Fo9lMl5AnyfuaZiGweh3IXlzbsVLWgGO9RkIWC108EZwDCWi2UD+lZcmdSY/0A7R80U8ZPnmhpYa8WCnRjCBGQS93QKYYKGLDm7wV5SjszS95PXsIqQ0hx0IopFV/T8iKXLHd5oChjZNapkCM8nuu2QeLlJPDAOoejgGWCKuAbzY8vC6JaILbUhakJOjo1BzcYiroRNLcaFEn+1VBeN176/Yw+EnYpurhCMaZMteUAaN9evSToK5EFk1DWmKVL4ZFcn9BzeKzRfvSy7NQKTaEwiI1N437C0gD0oXFD0TNp2IRADEvBRVxx2/oRk4FnDLSLjOpFbu35fn/IwLmfTAcbtKSAFatSxw89q1EvCm6a0wbQKUO+evPJxFmXspr26DghidVexZD8F6iDVqpgpNO+5O53lOypicw2Ok64wfClc/fmi0KUTDC4rIqeUxVzaBNiXE+1Ua0BTUIwuv20Eppzy/WC05xeLIrJUpTh7To+4ZHataHCnwwtXllRduMaNKW3CyeDK67nbZ7PVBa3hZT58iawsH1DBTJHjy8hTNmRAynuuIKBQQkSijfypYP/Z1siNdCrbNFvRasNKM575LrthU45vkf81vEEfoHdfytIF1npt7eySDHBxRLIs2HSh05pXcwHzFRVfJKzD9hgShIZK0ouh+qkapnAcaYZ1N7/BnniUGX+OmBry9ULjIrASPkjbxDH2L4u5F5AtsWRU2FV3R6AKhS+sdxtACdaYVptnM/DAEAN+nmkoxi2B6h3zb4b7Rb/Dg+kYAWkAMNN/5SVuWn+NDUHwOkXZt5jtdvvf4IrlbW506Tp3Qrq9LfLAd4UFn41ZEMAnGvZglZ9VjNXyrafrDJ9PgcaJzDTJJp8ZlG8ILCFMyW8yKcVB7ud8bSYIGwmTgQzDYAuvyLA3NUXt6ndp557RBMaWhtUDyGT2buzJvk99RL9nht/WRGSuXVpUEzvg3ieQ0RTLeq22UcvNNA= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c4562916-2f9b-4c43-d741-08da7d3cf515 X-MS-Exchange-CrossTenant-AuthSource: DB6PR0101MB2214.eurprd01.prod.exchangelabs.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Aug 2022 15:03:19.2986 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS1PR01MB9370 Subject: [FFmpeg-devel] [PATCH 4/6] avcodec/mpegpicture: Don't copy unnecessarily, fix race X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: C2VKT6x4yVMh mpegvideo uses an array of Pictures and when it is done with using them, it only unreferences them incompletely: Some buffers are kept so that they can be reused lateron if the same slot in the Picture array is reused, making this a sort of a bufferpool. (Basically, a Picture is considered used if the AVFrame's buf is set.) Yet given that other pieces of the decoder may have a reference to these buffers, they need not be writable and are made writable using av_buffer_make_writable() when preparing a new Picture. This involves reading the buffer's data, although the old content of the buffer need not be retained. Worse, this read can be racy, because the buffer can be used by another thread at the same time. This happens for Real Video 3 and 4. This commit fixes this race by no longer copying the data; instead the old buffer is replaced by a new, zero-allocated buffer. (Here are the details of what happens with three or more decoding threads when decoding rv30.rm from the FATE-suite as happens in the rv30 test: The first decoding thread uses the first slot of its picture array to store its current pic; update_thread_context copies this for the second thread that decodes a P-frame. It uses the second slot in its Picture array to store its P-frame. This arrangement is then copied to the third decode thread, which decodes a B-frame. It uses the third slot in its Picture array for its current frame. update_thread_context copies this to the next thread. It unreferences the third slot containing the other B-frame and then it reuses this slot for its current frame. Because the pic array slots are only incompletely unreferenced, the buffers of the previous B-frame are still in there and they are not writable; in fact the previous thread is concurrently writing to them, causing races when making the buffer writable.) Signed-off-by: Andreas Rheinhardt --- libavcodec/mpegpicture.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/libavcodec/mpegpicture.c b/libavcodec/mpegpicture.c index 2192f74cea..ed96abbe2d 100644 --- a/libavcodec/mpegpicture.c +++ b/libavcodec/mpegpicture.c @@ -47,11 +47,25 @@ static void av_noinline free_picture_tables(Picture *pic) } } +static int make_table_writable(AVBufferRef **ref) +{ + AVBufferRef *old = *ref, *new; + + if (av_buffer_is_writable(old)) + return 0; + new = av_buffer_allocz(old->size); + if (!new) + return AVERROR(ENOMEM); + av_buffer_unref(ref); + *ref = new; + return 0; +} + static int make_tables_writable(Picture *pic) { #define MAKE_WRITABLE(table) \ do {\ - int ret = av_buffer_make_writable(&pic->table); \ + int ret = make_table_writable(&pic->table); \ if (ret < 0) \ return ret; \ } while (0)