[FFmpeg-devel] [PATCH v2] avcodec/vp9: avoid using uninitialized mutex/condition
Steve Lhomme
robux4 at ycbcr.xyz
Thu Sep 2 12:19:10 EEST 2021
When using slice decoding vp9_free_entries() is called before
vp9_alloc_entries() is ever called. It should destroy properly
initialized variables (or check it was never called before).
It usually works undetected as pthread implementations allow NULL as a
special value (and should return EINVAL but doesn't). But pthreadGC2
doesn't allow NULL in pthread_mutex_destroy() and crashes when that's
the case.
---
libavcodec/vp9.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index 874005a5ae..8a3d82da09 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -42,7 +42,7 @@
static void vp9_free_entries(AVCodecContext *avctx) {
VP9Context *s = avctx->priv_data;
- if (avctx->active_thread_type & FF_THREAD_SLICE) {
+ if (avctx->active_thread_type & FF_THREAD_SLICE) {
pthread_mutex_destroy(&s->progress_mutex);
pthread_cond_destroy(&s->progress_cond);
av_freep(&s->entries);
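Review bot: the removed and added `if (avctx->active_thread_type & FF_THREAD_SLICE) {` lines in this hunk differ only in whitespace, so the hunk makes no functional change to vp9_free_entries() and the whitespace edit should be dropped or sent separately. It also leaves a pairing question open: after pthread_mutex_destroy() and pthread_cond_destroy() run here, nothing in the visible lines re-initialises progress_mutex and progress_cond, so a second call to this function would destroy already-destroyed objects unless a path not shown in this patch initialises them again. A short comment naming the init that each destroy pairs with would make that checkable.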
@@ -1796,6 +1796,10 @@ static av_cold int vp9_decode_init(AVCodecContext *avctx)
s->last_bpp = 0;
s->s.h.filter.sharpness = -1;
+ if (avctx->active_thread_type & FF_THREAD_SLICE) {
+ pthread_mutex_init(&s->progress_mutex, NULL);
+ pthread_cond_init(&s->progress_cond, NULL);
+ }
for (int i = 0; i < 3; i++) {
s->s.frames[i].tf.f = av_frame_alloc();
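Review bot: the return values of pthread_mutex_init() and pthread_cond_init() added to vp9_decode_init() are ignored, so if either call fails, vp9_free_entries() will later destroy an object that was never initialised, which is the condition this patch sets out to remove. Check both results and return an error from vp9_decode_init(), destroying the mutex if only the condition variable fails to initialise.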
--
2.29.2