From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 24 Apr 2021 13:14:37 +0200
X-Patchwork-Id: 27254
Subject: [FFmpeg-devel] [PATCH 05/14] avcodec/ffv1dec: Fix data races emanating from copying whole context

When using frame threading, the FFV1 decoder's update_thread_context() function copies the whole context and afterwards restores some allocated fields with backups made earlier. Among these fields are the ThreadFrames and the source context's ThreadFrames can change concurrently without any synchronization, leading to data races which are undefined behaviour even if they don't lead to problems in practice (as the destination's own ThreadFrames are restored directly thereafter).

Fix this by only copying the actually needed fields.

Signed-off-by: Andreas Rheinhardt
--- libavcodec/ffv1dec.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index c08ec5c1b7..9a9ee10a4c 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c
@@ -1031,18 +1031,12 @@ static int update_thread_context(AVCodecContext *dst, const AVCodecContext *src) if (dst == src) return 0; - { - ThreadFrame picture = fdst->picture, last_picture = fdst->last_picture; - uint8_t (*initial_states[MAX_QUANT_TABLES])[32]; - struct FFV1Context *slice_context[MAX_SLICES]; - memcpy(initial_states, fdst->initial_states, sizeof(fdst->initial_states)); - memcpy(slice_context, fdst->slice_context , sizeof(fdst->slice_context)); - - memcpy(fdst, fsrc, sizeof(*fdst)); - memcpy(fdst->initial_states, initial_states, sizeof(fdst->initial_states)); - memcpy(fdst->slice_context, slice_context , sizeof(fdst->slice_context)); - fdst->picture = picture; - fdst->last_picture = last_picture; + copy_fields(fdst, fsrc, fsrc); + fdst->use32bit = fsrc->use32bit; + memcpy(fdst->state_transition, fsrc->state_transition, + sizeof(fdst->state_transition)); + memcpy(fdst->quant_table, fsrc->quant_table, sizeof(fsrc->quant_table)); + for (i = 0; inum_h_slices * fdst->num_v_slices; i++) { FFV1Context *fssrc = fsrc->slice_context[i]; FFV1Context *fsdst = fdst->slice_context[i]; @@ -1050,7 +1044,6 @@ static int update_thread_context(AVCodecContext *dst, const AVCodecContext *src) } av_assert0(!fdst->plane[0].state); av_assert0(!fdst->sample_buffer); - } av_assert1(fdst->max_slice_count == fsrc->max_slice_count);
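Review bot: In the first hunk (@@ -1031,18 +1031,12 @@), the set of fields that reaches the destination context is now implicit and undocumented. The removed `memcpy(fdst, fsrc, sizeof(*fdst));` propagated every member, while the new code covers only what `copy_fields(fdst, fsrc, fsrc);` handles plus `use32bit`, `state_transition` and `quant_table`. The helper's body is not visible in this hunk and the call passes `fsrc` as both its second and third argument, so a short comment above it stating which members it covers and why the same context is passed twice would help, together with a reminder that any new FFV1Context member the next frame thread needs has to be added here. As a style point, the two memcpy calls size by different operands (`sizeof(fdst->state_transition)` versus `sizeof(fsrc->quant_table)`); sizing both by the destination would be consistent.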
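Review bot: In the second hunk (@@ -1050,7 +1044,6 @@), the context lines `av_assert0(!fdst->plane[0].state);` and `av_assert0(!fdst->sample_buffer);` are kept unchanged, but what they check is no longer the same. They used to run right after the whole-context memcpy from the source; now, unless copy_fields() writes those members, they test the destination's own untouched values. Please confirm the invariant still holds for the destination on its own and add a comment saying what the asserts guard after this change, or drop them if they no longer apply.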