From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 1D5134BE8F for ; Wed, 3 Dec 2025 14:52:29 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'a9d5Z2ADQmt4ggfuZa1uNmk4k4vSIlOSTJSZhZKCi+s=', expected b'E/cMafJwOavksQ8PCmE0G8rvL2lurd8MYXUc0uQCqkg=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1764773540; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=a9d5Z2ADQmt4ggfuZa1uNmk4k4vSIlOSTJSZhZKCi+s=; b=YBTFhmgQRgqKPX0l3jm/me3tv6BrNES9Nmn1Bh0lN7aslTyIvVtjo190IMG2yczOrr3LM flvfn/iny/i/cnlsBarikwdtrk95gsjOX20yKbIgyzsDS4pbnwC+dJPxfYSJunjrMqUJHe8 g7Jt6lpF4unITH1MclitZJE+25T0ym9qGlCtP24BkpxTbi3RG3FTL0Px8PC60vC6yYgA7QU ncof16W8iOaXp9ai1vVwJokwlTPaSyEpiCJbQ17lRvNidqJL7tT5OsdEjuUw7mGQo0POGxA mdQ70OtwOZy+Qi8ljTSU/fn9oUFnNMxznLMUy/AE3UhRUQO3M5qJ8X37SW/w== Received: from [172.19.0.3] (unknown [172.19.0.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 05DC56904E6; Wed, 3 Dec 2025 16:52:20 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1764773523; b=d0AvVYS1mf97q6E/O2G7VTJosuLMCAAdF510FvMSStrPuO7Rp50MjlEdL5B3lu3pxjcvY cLgBCmhQgoK08wKumT7YwoqjwGEx4FxVaT+gG9wtBGyHO8j8xfDxWZtQYqIz48hA/S+wfMt dmJwpH9cr+sgqQRBv1i9zR42fkjhk9mKsW7TCnAHjqpRUdg/v3VMK4uzlavh+IEsdmKDSDM 4620ukIs0EtpimHM2vRmV2HrsGdm9s/DzKmwVBKsmGeiGH/xfBtz7DgDyBiTINISK/eLbQp 8IhBdJ7nb/eYWx2hrfezUpLnLVvAtNFd054PFy0B/X4xN51p9259BliTLyhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1764773523; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=SCuocPk6E/roQh/kBbJws6uY2mvUhsPvinGt9AuAXrI=; b=UAeebRkZ5f0nDOkoBrCCmWgP+uIwWNLeBrWdkglZDofjTiWHi5qsTjLPDzO0UvAHpY2nw zXbgXXahoB32cbHLf2xaOlibnrb5F1h5coUl84br7Xlw6EpR5M7fbZ/tpzeNHMJz3qOmQwU wxTqFcgpplXGvu9F4y2TUUsn/91OOI6+N9A6dLc+VX0VJ1lSP6wES0aqYFjmAEqN0quXbhP wL4WHBa/zzvVHGIxsMmsZRzF2+4axe14cMuXjGmU5VMxl2R1rp1LP9A53yGt16rQLbslkJ1 bDOKO6NDqCYsnsFKG7MkaDunq1B/y4yET3p9ofJxdQUggKP4tDFoaL05DwOw== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1764773516; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=E/cMafJwOavksQ8PCmE0G8rvL2lurd8MYXUc0uQCqkg=; b=Gp1bbgkRV5aQoQPqhC2hWapxNEC5wUHwC8Nqmv7m6Gx94oZhxmAr36zyF8PCPaTpjqOCn q0FeveGf0XSzMmpZm8jR+c1tZwFfh1LqRWWVMyjIMPcsaXQ2bUcWfCSv9cbIXkYiAxBo6Z0 WM281M+p2Pyqh45JId3eSjshmP/cYAwTGk0uHOBX84cKd5vlCWabPoUVy9BQ9XmIs/q4ZoK sNVNZi9QGi+PlWKajPhEWaN01wSUbIL6U/9soz0EFXwjt17ZFWycF8amTzKn7aAzmUeMgqw LkPKHL7F8hHe1YJUg+pNtW/00GYNflwfyFRg3B3rBUsXfbU2DoT9iLQd/dWg== Received: from 55ca25703178 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 637FA690471 for ; Wed, 3 Dec 2025 16:51:56 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Wed, 03 Dec 2025 14:51:56 -0000 Message-ID: <176477351652.39.17463926320071400930@2cb04c0e5124> Message-ID-Hash: 75VHRNVRFUIC622SKFAFAXHXF7ETDPFC X-Message-ID-Hash: 75VHRNVRFUIC622SKFAFAXHXF7ETDPFC X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PATCH] avcodec/vp3: Sync VLCs once during init, fix crash (PR #21091) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: mkver via ffmpeg-devel Cc: mkver Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21091 opened by mkver URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21091 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21091.patch 6c7a344b65cb7476d1575cb1504e3a53bcbc83e7 made the VLCs shared between threads and did so in a way that was designed to support stream reconfigurations, so that the structure containing the VLCs was synced in update_thread_context. The idea was that the currently active VLCs would just be passed along between threads. Yet this was broken by 5acbdd2264d3b90dc11369f9e031e762f260882e: Before this commit, submit_packet() was a no-op during flushing for VP3, as it is a no-delay decoder, so it won't produce any output during flushing. This meant that prev_thread in pthread_frame.c contained the last dst thread that update_thread_context() was called for (so that these VLCs could be passed along between threads). Yet after said commit, submit_packet was no longer a no-op during flushing and changed prev_thread in such a way that it did not need to contain any VLCs at all*. When flushing, prev_thread is used to pass the current state to the first worker thread which is the one that is used to restart decoding. It could therefore happen that the decoding thread did not contain the VLCs at all any more after decoding restarts after flushing leading to a crash (this scenario was never anticipated and must not happen at all). There is a simple, easily backportable fix given that we do not support stream reconfigurations (yet) when using frame threading: Don't sync the VLCs in update_thread_context(), instead do it once during init. This fixes forgejo issue #20346 and trac issue #11592. (I don't know why 5acbdd2264d3b90dc11369f9e031e762f260882e changed submit_packet() to no longer be a no-op when draining no-delay decoders.) *: The exact condition for the crash is nb_threads > 2*nb_frames. Reviewed-by: Peter Ross Signed-off-by: Andreas Rheinhardt (cherry picked from commit 90551b7d80e39c2fcde67fc65e3623bbef12590c) >>From f9a3e1b7763669c5a29287b1dadc2f6288677e97 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Tue, 25 Nov 2025 21:02:11 +0100 Subject: [PATCH] avcodec/vp3: Sync VLCs once during init, fix crash 6c7a344b65cb7476d1575cb1504e3a53bcbc83e7 made the VLCs shared between threads and did so in a way that was designed to support stream reconfigurations, so that the structure containing the VLCs was synced in update_thread_context. The idea was that the currently active VLCs would just be passed along between threads. Yet this was broken by 5acbdd2264d3b90dc11369f9e031e762f260882e: Before this commit, submit_packet() was a no-op during flushing for VP3, as it is a no-delay decoder, so it won't produce any output during flushing. This meant that prev_thread in pthread_frame.c contained the last dst thread that update_thread_context() was called for (so that these VLCs could be passed along between threads). Yet after said commit, submit_packet was no longer a no-op during flushing and changed prev_thread in such a way that it did not need to contain any VLCs at all*. When flushing, prev_thread is used to pass the current state to the first worker thread which is the one that is used to restart decoding. It could therefore happen that the decoding thread did not contain the VLCs at all any more after decoding restarts after flushing leading to a crash (this scenario was never anticipated and must not happen at all). There is a simple, easily backportable fix given that we do not support stream reconfigurations (yet) when using frame threading: Don't sync the VLCs in update_thread_context(), instead do it once during init. This fixes forgejo issue #20346 and trac issue #11592. (I don't know why 5acbdd2264d3b90dc11369f9e031e762f260882e changed submit_packet() to no longer be a no-op when draining no-delay decoders.) *: The exact condition for the crash is nb_threads > 2*nb_frames. Reviewed-by: Peter Ross Signed-off-by: Andreas Rheinhardt (cherry picked from commit 90551b7d80e39c2fcde67fc65e3623bbef12590c) --- libavcodec/vp3.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 8f18cdf4c6..48ae1e8041 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -46,7 +46,6 @@ #include "decode.h" #include "get_bits.h" #include "hpeldsp.h" -#include "internal.h" #include "jpegquanttables.h" #include "mathops.h" #include "progressframe.h" @@ -2458,7 +2457,7 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx) } } - if (!avctx->internal->is_copy) { + if (ff_thread_sync_ref(avctx, offsetof(Vp3DecodeContext, coeff_vlc)) != FF_THREAD_IS_COPY) { CoeffVLCs *vlcs = av_refstruct_alloc_ext(sizeof(*s->coeff_vlc), 0, NULL, free_vlc_tables); if (!vlcs) @@ -2527,8 +2526,6 @@ static int vp3_update_thread_context(AVCodecContext *dst, const AVCodecContext * const Vp3DecodeContext *s1 = src->priv_data; int qps_changed = 0; - av_refstruct_replace(&s->coeff_vlc, s1->coeff_vlc); - // copy previous frame data ref_frames(s, s1); if (!s1->current_frame.f || -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org