I initially discovered a signed integer overflow on this line. Since this value is updated in multiple threads, I use an atomic update and as it happens atomic addition is defined to wrap around. However, there's still a potential bug in that the error_count may wrap around and equal zero again causing problems down the line.
---
libavcodec/mpeg12dec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index d5bc5f21b2..b7c3b5106e 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -28,6 +28,7 @@
#define UNCHECKED_BITSTREAM_READER 1
#include <inttypes.h>
+#include "libavutil/atomic.h"
#include "libavutil/attributes.h"
#include "libavutil/imgutils.h"
#include "libavutil/internal.h"
@@ -2476,7 +2477,7 @@ static int decode_chunks(AVCodecContext *avctx,
AVFrame *picture,
&s2->thread_context[0], NULL,
s->slice_count, sizeof(void *));
for (i = 0; i < s->slice_count; i++)
- s2->er.error_count +=
s2->thread_context[i]->er.error_count;
+
avpriv_atomic_int_add_and_fetch(&s2->er.error_count,
s2->thread_context[i]->er.error_count);
}
ret = slice_end(avctx, picture);
--
2.15.0.448.gf294e3d99a-goog
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
