[FFmpeg-trac] #8643(avcodec:new): Data race in pthread_frame.c
FFmpeg
trac at avcodec.org
Wed Apr 29 11:35:00 EEST 2020
#8643: Data race in pthread_frame.c
-----------------------------------+-------------------------------------
Reporter: Zu-Ming | Type: defect
Status: new | Priority: important
Component: avcodec | Version: 4.2
Keywords: Data race | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+-------------------------------------
Summary of the bug:
**Execute command: ** `./ffmpeg -y -threads 4 -i small.mp4 output.avi`
**Version:** 4.2
**Race object:** `p->result`
**Thread 1:**
**Access:** `p->result = codec->decode(avctx, p->frame, &p->got_frame,
&p->avpkt);`
**Line number:** `pthread_frame.c; 201`
**Call stack:**
1. `frame_worker_thread()`
**Lock:** `pthread_mutex_lock(&p->mutex);`
**Thread 2:**
**Access:** `p->result = 0;`
**Line number:** `h264dec.c; 913`
**Call stack:**
1. `ff_thread_decode_frame()`
2. `decode_simple_internal()`
3. `decode_simple_receive_frame()`
4. `decode_receive_frame_internal()`
5. `avcodec_send_packet()`
6. `decode()`
7. `decode_video()`
8. `process_input_packet()`
9. `transcode()`
10. `main()`
**Lock:** None
**Impact:** This race cause `p->result` uncertain, which may affect the
status of ffmpeg.
My data race fuzzer, conzzer, finds that these 2 accesses can be executed
concurrently, and they are protected by different locks, so my fuzzer
report this race.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/8643>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list