Opened 3 years ago
#10567 new defect
Data race in mpegvideo.c and mpeg4video.h
| Reported by: | hcantunc | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | ffmpeg |
| Version: | git-master | Keywords: | data race |
| Cc: | hcantunc | Blocked By: | |
| Blocking: | | Reproduced by developer: | no |
| Analyzed by developer: | no | | |
Description
Summary of the bug:
I'm developing a new bug detector on top of TSan, which found a data race in mpeg4video.h and mpegvideo.c. I confirmed that this issue is also reproducible with the original TSan. Below please find the detailed report.
How to reproduce:
% ./ffmpeg -y -threads 4 -i input.mp4 output.avi
ffmpeg version 6.0 built on Ubuntu 20.04 with TSan enabled.
There also seem to be a number of other races on the same variable dc_val at different lines. Below, I have also put the other line number pairs where a race was found.
WARNING: ThreadSanitizer: data race (pid=1093048)
Read of size 2 at 0x7b8c00006b64 by thread T19 (mutexes: write M0):
#0 ff_mpeg4_pred_dc ~/ffmpeg/libavcodec/mpeg4video.h:73:9 (ffmpeg+0x161a1f6)
#1 ff_mpeg4_encode_mb ~/ffmpeg/libavcodec/mpeg4videoenc.c:806:26 (ffmpeg+0x1618a8f)
#2 encode_mb_internal ~/ffmpeg/libavcodec/mpegvideo_enc.c:2462:13 (ffmpeg+0x169c929)
#3 encode_mb ~/ffmpeg/libavcodec/mpegvideo_enc.c:2504:9 (ffmpeg+0x169c929)
#4 encode_thread ~/ffmpeg/libavcodec/mpegvideo_enc.c:3431:17 (ffmpeg+0x169c929)
#5 worker_func ~/ffmpeg/libavcodec/pthread_slice.c:76:21 (ffmpeg+0x17d5fe4)
#6 run_jobs ~/ffmpeg/libavutil/slicethread.c:65:9 (ffmpeg+0x290fb42)
#7 thread_worker ~/ffmpeg/libavutil/slicethread.c:89:13 (ffmpeg+0x290f14d)
Previous write of size 2 at 0x7b8c00006b64 by thread T18 (mutexes: write M1):
#0 ff_clean_intra_table_entries ~/ffmpeg/libavcodec/mpegvideo.c:840:22 (ffmpeg+0x165a72f)
#1 mpv_reconstruct_mb_internal ~/ffmpeg/libavcodec/mpv_reconstruct_mb_template.c:68:17 (ffmpeg+0x16b5772)
#2 mpv_reconstruct_mb ~/ffmpeg/libavcodec/mpegvideo_enc.c:1047:5 (ffmpeg+0x16b5772)
#3 encode_thread ~/ffmpeg/libavcodec/mpegvideo_enc.c:3440:17 (ffmpeg+0x16a53f5)
#4 worker_func ~/ffmpeg/libavcodec/pthread_slice.c:76:21 (ffmpeg+0x17d5fe4)
#5 run_jobs ~/ffmpeg/libavutil/slicethread.c:65:9 (ffmpeg+0x290fb42)
#6 thread_worker ~/ffmpeg/libavutil/slicethread.c:89:13 (ffmpeg+0x290f14d)
Location is heap block of size 6870 at 0x7b8c00005400 allocated by main thread:
#0 posix_memalign ~/tsan/rtl/tsan_interceptors_posix.cpp:884:3 (ffmpeg+0x182377)
#1 av_malloc ~/ffmpeg/libavutil/mem.c:105:9 (ffmpeg+0x28b0cb9)
#2 av_mallocz ~/ffmpeg/libavutil/mem.c:256:17 (ffmpeg+0x28b1325)
#3 av_calloc ~/ffmpeg/libavutil/mem.c:267:12 (ffmpeg+0x28b13c1)
#4 ff_mpv_init_context_frame ~/ffmpeg/libavcodec/mpegvideo.c:611:14 (ffmpeg+0x1658745)
#5 ff_mpv_common_init ~/ffmpeg/libavcodec/mpegvideo.c:727:16 (ffmpeg+0x1659097)
#6 ff_mpv_encode_init ~/ffmpeg/libavcodec/mpegvideo_enc.c:803:16 (ffmpeg+0x167cfa0)
#7 encode_init ~/ffmpeg/libavcodec/mpeg4videoenc.c:1291:16 (ffmpeg+0x161ee0c)
#8 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:322:19 (ffmpeg+0xf54382)
#9 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20 (ffmpeg+0x26e607)
#10 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11 (ffmpeg+0x26deb0)
#11 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#12 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#13 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#14 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#15 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
Mutex M0 (0x7b5c00003338) created at:
#0 pthread_mutex_init ~/tsan/rtl/tsan_interceptors_posix.cpp:1341:3 (ffmpeg+0x1a6782)
#1 strict_pthread_mutex_init ~/ffmpeg/libavutil/thread.h:78:9 (ffmpeg+0x290ee1c)
#2 avpriv_slicethread_create ~/ffmpeg/libavutil/slicethread.c:146:9 (ffmpeg+0x290eae2)
#3 ff_slice_thread_init ~/ffmpeg/libavcodec/pthread_slice.c:164:31 (ffmpeg+0x17d5cce)
#4 ff_thread_init ~/ffmpeg/libavcodec/pthread.c:76:16 (ffmpeg+0x17cee38)
#5 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:309:15 (ffmpeg+0xf5428c)
#6 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20 (ffmpeg+0x26e607)
#7 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11 (ffmpeg+0x26deb0)
#8 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#9 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#10 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#11 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#12 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
Mutex M1 (0x7b5c000032c8) created at:
#0 pthread_mutex_init ~/tsan/rtl/tsan_interceptors_posix.cpp:1341:3 (ffmpeg+0x1a6782)
#1 strict_pthread_mutex_init ~/ffmpeg/libavutil/thread.h:78:9 (ffmpeg+0x290ee1c)
#2 avpriv_slicethread_create ~/ffmpeg/libavutil/slicethread.c:146:9 (ffmpeg+0x290eae2)
#3 ff_slice_thread_init ~/ffmpeg/libavcodec/pthread_slice.c:164:31 (ffmpeg+0x17d5cce)
#4 ff_thread_init ~/ffmpeg/libavcodec/pthread.c:76:16 (ffmpeg+0x17cee38)
#5 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:309:15 (ffmpeg+0xf5428c)
#6 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20 (ffmpeg+0x26e607)
#7 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11 (ffmpeg+0x26deb0)
#8 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#9 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#10 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#11 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#12 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
Thread T19 (tid=1093069, running) created by main thread at:
#0 pthread_create ~/tsan/rtl/tsan_interceptors_posix.cpp:1048:3 (ffmpeg+0x16b8d6)
#1 avpriv_slicethread_create ~/ffmpeg/libavutil/slicethread.c:151:19 (ffmpeg+0x290eb3e)
#2 ff_slice_thread_init ~/ffmpeg/libavcodec/pthread_slice.c:164:31 (ffmpeg+0x17d5cce)
#3 ff_thread_init ~/ffmpeg/libavcodec/pthread.c:76:16 (ffmpeg+0x17cee38)
#4 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:309:15 (ffmpeg+0xf5428c)
#5 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20 (ffmpeg+0x26e607)
#6 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11 (ffmpeg+0x26deb0)
#7 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#8 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#9 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#10 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#11 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
Thread T18 (tid=1093068, running) created by main thread at:
#0 pthread_create ~/tsan/rtl/tsan_interceptors_posix.cpp:1048:3 (ffmpeg+0x16b8d6)
#1 avpriv_slicethread_create ~/ffmpeg/libavutil/slicethread.c:151:19 (ffmpeg+0x290eb3e)
#2 ff_slice_thread_init ~/ffmpeg/libavcodec/pthread_slice.c:164:31 (ffmpeg+0x17d5cce)
#3 ff_thread_init ~/ffmpeg/libavcodec/pthread.c:76:16 (ffmpeg+0x17cee38)
#4 avcodec_open2 ~/ffmpeg/libavcodec/avcodec.c:309:15 (ffmpeg+0xf5428c)
#5 init_output_stream ~/ffmpeg/fftools/ffmpeg.c:3233:20 (ffmpeg+0x26e607)
#6 init_output_stream_wrapper ~/ffmpeg/fftools/ffmpeg.c:739:11 (ffmpeg+0x26deb0)
#7 do_video_out ~/ffmpeg/fftools/ffmpeg.c:1265:5 (ffmpeg+0x27621c)
#8 reap_filters ~/ffmpeg/fftools/ffmpeg.c:1426:17 (ffmpeg+0x274461)
#9 transcode_step ~/ffmpeg/fftools/ffmpeg.c:4002:12 (ffmpeg+0x269fb0)
#10 transcode ~/ffmpeg/fftools/ffmpeg.c:4039:15 (ffmpeg+0x267725)
#11 main ~/ffmpeg/fftools/ffmpeg.c:4177:9 (ffmpeg+0x266be9)
SUMMARY: ThreadSanitizer: data race ~/ffmpeg/libavcodec/mpeg4video.h:73:9 in ff_mpeg4_pred_dc
Other races on the variable dc_val:
mpeg4video.h:124, mpeg4video.h:73
mpeg4video.h:124, mpeg4video.h:74
mpegvideo.c:826, mpeg4video.h:74
mpegvideo.c:839, mpeg4video.h:73
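Added example, not part of the original ticket and not FFmpeg or TSan code: a small triage helper that reduces a ThreadSanitizer data race report to the kind of line-number pair listed above, and checks whether the two accesses hit the same address and held any mutex in common. The names `parse_race` and `triage` are hypothetical, and `SAMPLE` is abridged from the report in this ticket.

```python
import re
from os.path import basename

# Access header, e.g. "Previous write of size 2 at 0x... by thread T18 (mutexes: write M1):"
ACCESS = re.compile(
    r"^\s*(?:Previous )?(?:atomic )?(?P<op>read|write) of size (?P<size>\d+) "
    r"at (?P<addr>0x[0-9a-f]+) by (?P<thread>thread T\d+|main thread)"
    r"(?: \(mutexes: (?P<mutexes>[^)]*)\))?:", re.I)
# Innermost symbolized frame: "#0 func path/file.c:line:col (module+0xoff)"
FRAME0 = re.compile(r"^\s*#0 (?P<func>\S+) (?P<path>\S+?):(?P<line>\d+)(?::\d+)? \(")

SAMPLE = """\
WARNING: ThreadSanitizer: data race (pid=1093048)
  Read of size 2 at 0x7b8c00006b64 by thread T19 (mutexes: write M0):
    #0 ff_mpeg4_pred_dc ~/ffmpeg/libavcodec/mpeg4video.h:73:9 (ffmpeg+0x161a1f6)
    #1 ff_mpeg4_encode_mb ~/ffmpeg/libavcodec/mpeg4videoenc.c:806:26 (ffmpeg+0x1618a8f)
  Previous write of size 2 at 0x7b8c00006b64 by thread T18 (mutexes: write M1):
    #0 ff_clean_intra_table_entries ~/ffmpeg/libavcodec/mpegvideo.c:840:22 (ffmpeg+0x165a72f)
  Location is heap block of size 6870 at 0x7b8c00005400 allocated by main thread:
    #0 posix_memalign ~/tsan/rtl/tsan_interceptors_posix.cpp:884:3 (ffmpeg+0x182377)
"""

def parse_race(report):
    """Return the racing accesses of one report, each with its #0 frame."""
    accesses, pending = [], None
    for line in report.splitlines():
        m = ACCESS.match(line)
        if m:
            pending = m.groupdict()
            pending["op"] = pending["op"].lower()
            # "write M0, read M3" -> {"M0", "M3"}
            pending["mutexes"] = set(re.findall(r"M\d+", pending["mutexes"] or ""))
            continue
        if pending is None or not line.lstrip().startswith("#0 "):
            continue  # allocation, mutex and thread-creation stacks are skipped
        f = FRAME0.match(line)  # None when the frame has no file:line info
        pending["site"] = f"{basename(f['path'])}:{f['line']}" if f else "?"
        pending["func"] = f["func"] if f else "?"
        accesses.append(pending)
        pending = None
    return accesses

def triage(report):
    """Dedup key for the race, plus whether any lock covers both accesses."""
    a, b = parse_race(report)[:2]
    return {"pair": tuple(sorted((a["site"], b["site"]))),
            "same_address": a["addr"] == b["addr"],
            "common_mutexes": a["mutexes"] & b["mutexes"]}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty `common_mutexes` set means the locks reported in the access headers (M0 and M1 here) are different objects, so holding them does not order the read against the write.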


