[FFmpeg-trac] #10567(ffmpeg:new): Data race in mpegvideo.c and mpeg4video.h
FFmpeg
trac at avcodec.org
Fri Sep 15 15:36:30 EEST 2023
#10567: Data race in mpegvideo.c and mpeg4video.h
-----------------------------------+--------------------------------------
Reporter: hcantunc | Type: defect
Status: new | Priority: normal
Component: ffmpeg | Version: git-master
Keywords: data race | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-----------------------------------+--------------------------------------
**Summary of the bug:**
I'm developing a new bug detector on top of TSan, which found a data race
in `mpeg4video.h` and `mpegvideo.c`. I confirmed that this issue is also
reproducible with the original TSan. Below please find the detailed
report.
**How to reproduce:**
{{{
% ./ffmpeg -y -threads 4 -i input.mp4 output.avi
ffmpeg version 6.0
built on Ubuntu 20.04 with TSan enabled.
}}}
There also seems a number of other races on the same variable `dc_val` in
different lines. Below, I have also put the other line number pairs where
a race was found.
{{{
WARNING: ThreadSanitizer: data race (pid=1093048)
Read of size 2 at 0x7b8c00006b64 by thread T19 (mutexes: write M0):
#0 ff_mpeg4_pred_dc ~/ffmpeg/libavcodec/mpeg4video.h:73:9
(ffmpeg+0x161a1f6)
#1 ff_mpeg4_encode_mb ~/ffmpeg/libavcodec/mpeg4videoenc.c:806:26
(ffmpeg+0x1618a8f)
#2 encode_mb_internal ~/ffmpeg/libavcodec/mpegvideo_enc.c:2462:13
(ffmpeg+0x169c929)
#3 encode_mb ~/ffmpeg/libavcodec/mpegvideo_enc.c:2504:9
(ffmpeg+0x169c929)
#4 encode_thread ~/ffmpeg/libavcodec/mpegvideo_enc.c:3431:17
(ffmpeg+0x169c929)
#5 worker_func ~/ffmpeg/libavcodec/pthread_slice.c:76:21
(ffmpeg+0x17d5fe4)
#6 run_jobs ~/ffmpeg/libavutil/slicethread.c:65:9 (ffmpeg+0x290fb42)
#7 thread_worker ~/ffmpeg/libavutil/slicethread.c:89:13
(ffmpeg+0x290f14d)
Previous write of size 2 at 0x7b8c00006b64 by thread T18 (mutexes: write
M1):
#0 ff_clean_intra_table_entries ~/ffmpeg/libavcodec/mpegvideo.c:840:22
(ffmpeg+0x165a72f)
#1 mpv_reconstruct_mb_internal
~/ffmpeg/libavcodec/mpv_reconstruct_mb_template.c:68:17 (ffmpeg+0x16b5772)
#2 mpv_reconstruct_mb ~/ffmpeg/libavcodec/mpegvideo_enc.c:1047:5
(ffmpeg+0x16b5772)
#3 encode_thread ~/ffmpeg/libavcodec/mpegvideo_enc.c:3440:17
(ffmpeg+0x16a53f5)
#4 worker_func ~/ffmpeg/libavcodec/pthread_slice.c:76:21
(ffmpeg+0x17d5fe4)
#5 run_jobs ~/ffmpeg/libavutil/slicethread.c:65:9 (ffmpeg+0x290fb42)
#6 thread_worker ~/ffmpeg/libavutil/slicethread.c:89:13
(ffmpeg+0x290f14d)
Location is heap block of size 6870 at 0x7b8c00005400 allocated by main
thread:
#0 posix_memalign ~/tsan/rtl/tsan_interceptors_posix.cpp:884:3
(ffmpeg+0x182377)
#1 av_malloc ~/ffmpeg/libavutil/mem.c:105:9 (ffmpeg+0x28b0cb9)
#2 av_mallocz ~/ffmpeg/libavutil/mem.c:256:17 (ffmpeg+0x28b1325)
#3 av_calloc ~/ffmpeg/libavutil/mem.c:267:12 (ffmpeg+0x28b13c1)
#4 ff_mpv_init_context_frame ~/ffmpeg/libavcodec/mpegvideo.c:611:14
(ffmpeg+0x1658745)
#5 ff_mpv_common_init ~/ffmpeg/libavcodec/mpegvideo.c:727:16
(ffmpeg+0x1659097)
#6 ff_mpv_encode_init ~/ffmpeg/libavcodec/mpegvideo_enc.c:803:16
(ffmpeg+0x167cfa0)
#7 encode_init ~/ffmpeg/libavcodec/mpeg4videoenc.c:1291:16
(ffmpeg+0x161ee0c)
#8 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:322:19
(ffmpeg+0xf54382)
#9 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20
(ffmpeg+0x26e607)
#10 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11
(ffmpeg+0x26deb0)
#11 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#12 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#13 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#14 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#15 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
Mutex M0 (0x7b5c00003338) created at:
#0 pthread_mutex_init ~/tsan/rtl/tsan_interceptors_posix.cpp:1341:3
(ffmpeg+0x1a6782)
#1 strict_pthread_mutex_init ~/ffmpeg/libavutil/thread.h:78:9
(ffmpeg+0x290ee1c)
#2 avpriv_slicethread_create ~/ffmpeg/libavutil/slicethread.c:146:9
(ffmpeg+0x290eae2)
#3 ff_slice_thread_init ~/ffmpeg/libavcodec/pthread_slice.c:164:31
(ffmpeg+0x17d5cce)
#4 ff_thread_init ~/ffmpeg/libavcodec/pthread.c:76:16
(ffmpeg+0x17cee38)
#5 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:309:15
(ffmpeg+0xf5428c)
#6 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20
(ffmpeg+0x26e607)
#7 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11
(ffmpeg+0x26deb0)
#8 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#9 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#10 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#11 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#12 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
Mutex M1 (0x7b5c000032c8) created at:
#0 pthread_mutex_init ~/tsan/rtl/tsan_interceptors_posix.cpp:1341:3
(ffmpeg+0x1a6782)
#1 strict_pthread_mutex_init ~/ffmpeg/libavutil/thread.h:78:9
(ffmpeg+0x290ee1c)
#2 avpriv_slicethread_create ~/ffmpeg/libavutil/slicethread.c:146:9
(ffmpeg+0x290eae2)
#3 ff_slice_thread_init ~/ffmpeg/libavcodec/pthread_slice.c:164:31
(ffmpeg+0x17d5cce)
#4 ff_thread_init ~/ffmpeg/libavcodec/pthread.c:76:16
(ffmpeg+0x17cee38)
#5 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:309:15
(ffmpeg+0xf5428c)
#6 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20
(ffmpeg+0x26e607)
#7 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11
(ffmpeg+0x26deb0)
#8 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#9 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#10 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#11 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#12 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
Thread T19 (tid=1093069, running) created by main thread at:
#0 pthread_create ~/tsan/rtl/tsan_interceptors_posix.cpp:1048:3
(ffmpeg+0x16b8d6)
#1 avpriv_slicethread_create ~/ffmpeg/libavutil/slicethread.c:151:19
(ffmpeg+0x290eb3e)
#2 ff_slice_thread_init ~/ffmpeg/libavcodec/pthread_slice.c:164:31
(ffmpeg+0x17d5cce)
#3 ff_thread_init ~/ffmpeg/libavcodec/pthread.c:76:16
(ffmpeg+0x17cee38)
#4 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:309:15
(ffmpeg+0xf5428c)
#5 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20
(ffmpeg+0x26e607)
#6 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11
(ffmpeg+0x26deb0)
#7 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#8 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#9 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#10 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#11 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
Thread T18 (tid=1093068, running) created by main thread at:
#0 pthread_create ~/tsan/rtl/tsan_interceptors_posix.cpp:1048:3
(ffmpeg+0x16b8d6)
#1 avpriv_slicethread_create ~/ffmpeg/libavutil/slicethread.c:151:19
(ffmpeg+0x290eb3e)
#2 ff_slice_thread_init ~/ffmpeg/libavcodec/pthread_slice.c:164:31
(ffmpeg+0x17d5cce)
#3 ff_thread_init ~/ffmpeg/libavcodec/pthread.c:76:16
(ffmpeg+0x17cee38)
#4 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:309:15
(ffmpeg+0xf5428c)
#5 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20
(ffmpeg+0x26e607)
#6 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11
(ffmpeg+0x26deb0)
#7 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#8 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#9 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#10 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#11 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
SUMMARY: ThreadSanitizer: data race ~/ffmpeg/libavcodec/mpeg4video.h:73:9
in ff_mpeg4_pred_dc
}}}
== Other races on the variable `dc_val`:
- `mpeg4video.h:124`, `mpeg4video.h:73`
- `mpeg4video.h:124`, `mpeg4video.h:74`
- `mpegvideo.c:826`, `mpeg4video.h:74`
- `mpegvideo.c:839`, `mpeg4video.h:73`
--
Ticket URL: <https://trac.ffmpeg.org/ticket/10567>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list