[FFmpeg-trac] #8640(avcodec:new): Data race in pthread_frame.c and h264dec.c
FFmpeg
trac at avcodec.org
Wed Apr 29 10:52:35 EEST 2020
#8640: Data race in pthread_frame.c and h264dec.c
-----------------------------------+-------------------------------------
Reporter: Zu-Ming | Type: defect
Status: new | Priority: important
Component: avcodec | Version: 4.2
Keywords: Data race | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+-------------------------------------
Summary of the bug:
**Execute command: ** `./ffmpeg -y -threads 4 -i small.mp4 output.avi`
**Version:** 4.2
**Race object:** `p->got_frame`
**Thread 1:**
**Access:** `p->got_frame = 0;`
**Line number:** `pthread_frame.c; 537`
**Call stack:**
1. `ff_thread_decode_frame()`
2. `decode_simple_internal()`
3. `decode_simple_receive_frame()`
4. `decode_receive_frame_internal()`
5. `avcodec_send_packet()`
6. `decode()`
7. `decode_video()`
8. `process_input_packet()`
9. `process_input()`
10. `transcode_step()`
11. `transcode()`
12. `main()`
**Lock:** None
**Thread 2:**
**Access:** `*got_frame = 1;`
**Line number:** `h264dec.c; 913`
**Call stack:**
1. `finalize_frame()`
2. `h264_decode_frame()`
3. `frame_worker_thread()`
**Lock:** `pthread_mutex_lock(&p->mutex);`
**Impact:** This race cause `p->got_frame` uncertain, which may affect the
status of ffmpeg.
My data race fuzzer, conzzer, finds that these 2 accesses can be executed
concurrently, and they are protected by different locks, so my fuzzer
report this race.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8640>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list