From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Subject: [FFmpeg-devel] [PATCH 33/33] avcodec/mpeg4videodec: Move use_intra_dc_vlc to stack, fix data race
Date: Wed, 26 Jan 2022 22:34:51 +0100
Message-ID: <AM7PR03MB66608F749C936C5803DAF5288F209@AM7PR03MB6660.eurprd03.prod.outlook.com> (raw)
In-Reply-To: <AM7PR03MB66600AC2EF455B4D004E12E28F5F9@AM7PR03MB6660.eurprd03.prod.outlook.com>
use_intra_dc_vlc is currently kept in sync between frame threads
in mpeg4_update_thread_context(), yet it is set when decoding
blocks, i.e. after ff_thread_finish_setup(). This is a data race
and therefore undefined behaviour.
This race can be fixed easily by moving the variable from the context
to the stack: use_intra_dc_vlc is only read in
mpeg4_decode_block() and only if one is decoding an intra block.
There are three callsites for this function: One in
mpeg4_decode_partitioned_mb() which always sets use_intra_dc_vlc
before the call and two in mpeg4_decode_mb(). One of these callsites
is for intra blocks and use_intra_dc_vlc is set before it;
the last callsite is for non-intra blocks, where use_intra_dc_vlc
is ignored. So if it is used, it always uses a new value and can
therefore be moved to the stack.
The above also explains why this data race did not lead to
FATE-test failures.
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
libavcodec/mpeg4video.h | 1 -
libavcodec/mpeg4videodec.c | 24 ++++++++++++++----------
2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/libavcodec/mpeg4video.h b/libavcodec/mpeg4video.h
index 9fc79b1a22..14fc5e1396 100644
--- a/libavcodec/mpeg4video.h
+++ b/libavcodec/mpeg4video.h
@@ -94,7 +94,6 @@ typedef struct Mpeg4DecContext {
int new_pred;
int enhancement_type;
int scalability;
- int use_intra_dc_vlc;
/// QP above which the ac VLC should be used for intra dc
int intra_dc_threshold;
diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
index b8118ff2d2..2aea845580 100644
--- a/libavcodec/mpeg4videodec.c
+++ b/libavcodec/mpeg4videodec.c
@@ -1105,7 +1105,8 @@ int ff_mpeg4_decode_partitions(Mpeg4DecContext *ctx)
* @return <0 if an error occurred
*/
static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block,
- int n, int coded, int intra, int rvlc)
+ int n, int coded, int intra,
+ int use_intra_dc_vlc, int rvlc)
{
MpegEncContext *s = &ctx->m;
int level, i, last, run, qmul, qadd;
@@ -1117,7 +1118,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block,
// Note intra & rvlc should be optimized away if this is inlined
if (intra) {
- if (ctx->use_intra_dc_vlc) {
+ if (use_intra_dc_vlc) {
/* DC coef */
if (s->partitioned_frame) {
level = s->dc_val[0][s->block_index[n]];
@@ -1357,7 +1358,7 @@ static inline int mpeg4_decode_block(Mpeg4DecContext *ctx, int16_t *block,
not_coded:
if (intra) {
- if (!ctx->use_intra_dc_vlc) {
+ if (!use_intra_dc_vlc) {
block[0] = ff_mpeg4_pred_dc(s, n, block[0], &dc_pred_dir, 0);
i -= i >> 31; // if (i == -1) i = 0;
@@ -1378,7 +1379,7 @@ not_coded:
static int mpeg4_decode_partitioned_mb(MpegEncContext *s, int16_t block[6][64])
{
Mpeg4DecContext *ctx = s->avctx->priv_data;
- int cbp, mb_type;
+ int cbp, mb_type, use_intra_dc_vlc;
const int xy = s->mb_x + s->mb_y * s->mb_stride;
av_assert2(s == (void*)ctx);
@@ -1386,7 +1387,7 @@ static int mpeg4_decode_partitioned_mb(MpegEncContext *s, int16_t block[6][64])
mb_type = s->current_picture.mb_type[xy];
cbp = s->cbp_table[xy];
- ctx->use_intra_dc_vlc = s->qscale < ctx->intra_dc_threshold;
+ use_intra_dc_vlc = s->qscale < ctx->intra_dc_threshold;
if (s->current_picture.qscale_table[xy] != s->qscale)
ff_set_qscale(s, s->current_picture.qscale_table[xy]);
@@ -1436,7 +1437,8 @@ static int mpeg4_decode_partitioned_mb(MpegEncContext *s, int16_t block[6][64])
s->bdsp.clear_blocks(s->block[0]);
/* decode each block */
for (i = 0; i < 6; i++) {
- if (mpeg4_decode_block(ctx, block[i], i, cbp & 32, s->mb_intra, ctx->rvlc) < 0) {
+ if (mpeg4_decode_block(ctx, block[i], i, cbp & 32, s->mb_intra,
+ use_intra_dc_vlc, ctx->rvlc) < 0) {
av_log(s->avctx, AV_LOG_ERROR,
"texture corrupted at %d %d %d\n",
s->mb_x, s->mb_y, s->mb_intra);
@@ -1763,6 +1765,8 @@ static int mpeg4_decode_mb(MpegEncContext *s, int16_t block[6][64])
}
s->current_picture.mb_type[xy] = mb_type;
} else { /* I-Frame */
+ int use_intra_dc_vlc;
+
do {
cbpc = get_vlc2(&s->gb, ff_h263_intra_MCBPC_vlc.table, INTRA_MCBPC_VLC_BITS, 2);
if (cbpc < 0) {
@@ -1790,7 +1794,7 @@ intra:
}
cbp = (cbpc & 3) | (cbpy << 2);
- ctx->use_intra_dc_vlc = s->qscale < ctx->intra_dc_threshold;
+ use_intra_dc_vlc = s->qscale < ctx->intra_dc_threshold;
if (dquant)
ff_set_qscale(s, s->qscale + quant_tab[get_bits(&s->gb, 2)]);
@@ -1801,7 +1805,8 @@ intra:
s->bdsp.clear_blocks(s->block[0]);
/* decode each block */
for (i = 0; i < 6; i++) {
- if (mpeg4_decode_block(ctx, block[i], i, cbp & 32, 1, 0) < 0)
+ if (mpeg4_decode_block(ctx, block[i], i, cbp & 32,
+ 1, use_intra_dc_vlc, 0) < 0)
return AVERROR_INVALIDDATA;
cbp += cbp;
}
@@ -1810,7 +1815,7 @@ intra:
/* decode each block */
for (i = 0; i < 6; i++) {
- if (mpeg4_decode_block(ctx, block[i], i, cbp & 32, 0, 0) < 0)
+ if (mpeg4_decode_block(ctx, block[i], i, cbp & 32, 0, 0, 0) < 0)
return AVERROR_INVALIDDATA;
cbp += cbp;
}
@@ -3529,7 +3534,6 @@ static int mpeg4_update_thread_context(AVCodecContext *dst,
s->new_pred = s1->new_pred;
s->enhancement_type = s1->enhancement_type;
s->scalability = s1->scalability;
- s->use_intra_dc_vlc = s1->use_intra_dc_vlc;
s->intra_dc_threshold = s1->intra_dc_threshold;
s->divx_version = s1->divx_version;
s->divx_build = s1->divx_build;
--
2.32.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2022-01-26 21:36 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-25 17:36 [FFmpeg-devel] [PATCH 01/21] avcodec/h263: Remove declaration for inexistent function Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 02/21] avcodec/h263: Move decoding-only stuff to a new header h263dec.h Andreas Rheinhardt
[not found] ` <20220125174148.994967-1-andreas.rheinhardt@outlook.com>
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 03/21] avcodec/mpeg4videoenc: Use stack variable for vo_type Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 04/21] avcodec/mpeg4videodec: Keep vo_type in sync between threads Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 05/21] avcodec/mpeg4?video: Move vo_type to Mpeg4DecContext Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 06/21] avcodec/ituh263enc: Use stack variable for custom_pcf Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 07/21] avcodec/mpeg12enc: Use stack variable for aspect_ratio_info Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 08/21] avcodec/mpeg12enc: Return early if no Sequence Header is written Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 09/21] avcodec/mpeg12enc: Reindent after the previous commit Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 10/21] avcodec/mpeg4videoenc: Use stack variable for aspect_ratio_info Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 11/21] avcodec/ituh263enc: " Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 12/21] avcodec/ituh263dec: " Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 13/21] avcodec/mpeg4videodec: " Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 14/21] avcodec/mpegvideo: Move aspect_ratio_info to Mpeg1Context Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 15/21] avcodec/mpegvideo: Move timecode_frame_start " Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 16/21] avcodec/mpegvideo_enc: Don't sync gop_picture_number among slice threads Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 17/21] avcodec/mpegvideo: Move gop_picture_number to MPEG12EncContext Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 18/21] avcodec/mpegvideo_enc: Move msmpeg4/wmv1 encoders to msmpeg4enc.c Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 19/21] avcodec/mpegvideo_enc: Move H.263p? encoders to ituh263enc.c Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 20/21] avcodec/speedhqenc: Add SpeedHQEncContext and move slice_start to it Andreas Rheinhardt
2022-01-25 17:41 ` [FFmpeg-devel] [PATCH 21/21] avcodec/mpegvideo: Move frame_rate_index to (Mpeg1|MPEG12Enc)Context Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 22/33] avcodec/mpegvideo_enc: Localize check for invalid number of b-frames Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 23/33] avcodec/mpegvideo_enc: Don't hardcode list of codecs supporting bframes Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 24/33] avcodec/mpegvideo: Fix off-by-one error when decoding >8 bit MPEG-4 Andreas Rheinhardt
2022-01-27 10:13 ` Kieran Kunhya
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 25/33] avcodec/mpegvideo: Fix crash when using lowres with 10bit MPEG-4 Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 26/33] fate/mpeg4: Add test for MPEG-4 Simple Studio Profile Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 27/33] avcodec/mpegvideo: Move handling Simple Studio Profile to mpeg4videodec Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 28/33] avcodec/mpegvideo: Move MPEG-4 Simple Studio Profile fields to mpeg4video Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 29/33] avcodec/mpegpicture: Let ff_mpeg_unref_picture() free picture tables Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 30/33] avcodec/mpegpicture: Add function to completely free MPEG-Picture Andreas Rheinhardt
2022-01-27 14:21 ` James Almer
2022-01-27 14:35 ` Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 31/33] avcodec/h264data: Add missing rational.h inclusion Andreas Rheinhardt
2022-01-26 21:34 ` [FFmpeg-devel] [PATCH 32/33] avcodec/mpegvideo: Use offset instead of pointer for vbv_delay Andreas Rheinhardt
2022-01-26 21:34 ` Andreas Rheinhardt [this message]
2022-01-28 11:36 ` [FFmpeg-devel] [PATCH 01/21] avcodec/h263: Remove declaration for inexistent function Andreas Rheinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AM7PR03MB66608F749C936C5803DAF5288F209@AM7PR03MB6660.eurprd03.prod.outlook.com \
--to=andreas.rheinhardt@outlook.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git