[FFmpeg-devel] [PATCH 3/3] lavc/ffv1dec: fix races in accessing FFV1SliceContext.slice_damaged
Anton Khirnov
anton at khirnov.net
Mon Jul 22 12:43:22 EEST 2024
That variable is shared between frame threads in the same defective way
described in the previous commit. Fix it by adding a RefStruct-managed
arrays of flags that is propagated across frame threads in the standard
manner.
Remove now-unused FFV1Context.fsrc
---
libavcodec/ffv1.c | 2 ++
libavcodec/ffv1.h | 9 ++++++++-
libavcodec/ffv1dec.c | 26 +++++++++++++-------------
3 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index 9c219b5ddb..333fb3d79b 100644
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -214,6 +214,8 @@ av_cold int ff_ffv1_close(AVCodecContext *avctx)
ff_refstruct_unref(&sc->plane);
}
+ ff_refstruct_unref(&s->slice_damaged);
+
av_freep(&avctx->stats_out);
for (j = 0; j < s->quant_table_count; j++) {
av_freep(&s->initial_states[j]);
diff --git a/libavcodec/ffv1.h b/libavcodec/ffv1.h
index edc3f6aef0..92c629c823 100644
--- a/libavcodec/ffv1.h
+++ b/libavcodec/ffv1.h
@@ -118,7 +118,6 @@ typedef struct FFV1Context {
int64_t picture_number;
int key_frame;
ProgressFrame picture, last_picture;
- struct FFV1Context *fsrc;
const AVFrame *cur_enc_frame;
int plane_count;
@@ -148,6 +147,14 @@ typedef struct FFV1Context {
int num_h_slices;
FFV1SliceContext *slices;
+ /* RefStruct object, per-slice damage flags shared between frame threads.
+ *
+ * After a frame thread marks some slice as finished with
+ * ff_progress_frame_report(), the corresponding array element must not be
+ * accessed by this thread anymore, as from then on it is owned by the next
+ * thread.
+ */
+ uint8_t *slice_damaged;
} FFV1Context;
int ff_ffv1_common_init(AVCodecContext *avctx);
diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c
index 5821a4156a..a69f18e252 100644
--- a/libavcodec/ffv1dec.c
+++ b/libavcodec/ffv1dec.c
@@ -263,15 +263,10 @@ static int decode_slice(AVCodecContext *c, void *arg)
const int si = sc - f->slices;
GetBitContext gb;
- if (f->fsrc && !(p->flags & AV_FRAME_FLAG_KEY) && f->last_picture.f)
+ if (!(p->flags & AV_FRAME_FLAG_KEY) && f->last_picture.f)
ff_progress_frame_await(&f->last_picture, si);
- if (f->fsrc) {
- const FFV1SliceContext *scsrc = &f->fsrc->slices[si];
-
- if (!(p->flags & AV_FRAME_FLAG_KEY))
- sc->slice_damaged |= scsrc->slice_damaged;
- }
+ sc->slice_damaged |= f->slice_damaged[si];
sc->slice_rct_by_coef = 1;
sc->slice_rct_ry_coef = 1;
@@ -373,6 +368,8 @@ handle_damage:
sc->slice_height);
}
+ f->slice_damaged[si] = sc->slice_damaged;
+
ff_progress_frame_report(&f->picture, si);
return 0;
@@ -793,11 +790,14 @@ static int read_header(FFV1Context *f)
return AVERROR_INVALIDDATA;
}
+ ff_refstruct_unref(&f->slice_damaged);
+ f->slice_damaged = ff_refstruct_allocz(f->slice_count * sizeof(*f->slice_damaged));
+ if (!f->slice_damaged)
+ return AVERROR(ENOMEM);
+
for (int j = 0; j < f->slice_count; j++) {
FFV1SliceContext *sc = &f->slices[j];
- sc->slice_damaged = 0;
-
if (f->version == 2) {
int sx = get_symbol(c, state, 0);
int sy = get_symbol(c, state, 0);
@@ -945,6 +945,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *rframe,
int trailer = 3 + 5*!!f->ec;
int v;
+ sc->slice_damaged = 0;
+
if (i || f->version > 2) {
if (trailer > buf_p - buf) v = INT_MAX;
else v = AV_RB24(buf_p-trailer) + trailer;
@@ -1039,8 +1041,6 @@ static int update_thread_context(AVCodecContext *dst, const AVCodecContext *src)
FFV1SliceContext *sc = &fdst->slices[i];
const FFV1SliceContext *sc0 = &fsrc->slices[i];
- sc->slice_damaged = sc0->slice_damaged;
-
ff_refstruct_replace(&sc->plane, sc0->plane);
if (fsrc->version < 3) {
@@ -1051,12 +1051,12 @@ static int update_thread_context(AVCodecContext *dst, const AVCodecContext *src)
}
}
+ ff_refstruct_replace(&fdst->slice_damaged, fsrc->slice_damaged);
+
av_assert1(fdst->max_slice_count == fsrc->max_slice_count);
ff_progress_frame_replace(&fdst->picture, &fsrc->picture);
- fdst->fsrc = fsrc;
-
return 0;
}
#endif
--
2.43.0
More information about the ffmpeg-devel
mailing list