avcodec/pngdec: fix possible race condition with APNG decoding

author Paul B Mahol <onemda@gmail.com>

Thu, 11 Feb 2021 21:56:41 +0000 (22:56 +0100)

committer Paul B Mahol <onemda@gmail.com>

Sat, 13 Feb 2021 12:24:45 +0000 (13:24 +0100)
author Paul B Mahol <onemda@gmail.com>
Thu, 11 Feb 2021 21:56:41 +0000 (22:56 +0100)
committer Paul B Mahol <onemda@gmail.com>
Sat, 13 Feb 2021 12:24:45 +0000 (13:24 +0100)
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c

index 395b86bbe7b6ddbb91ae248528ec9d3bdafa7af9..61642b7cbe5eb649287a96905c49707d1e8229b9 100644 (file)
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -711,13 +711,13 @@ static int decode_idat_chunk(AVCodecContext *avctx, PNGDecContext *s,
              s->bpp += byte_depth;
          }
  
-        if ((ret = ff_thread_get_buffer(avctx, &s->picture, AV_GET_BUFFER_FLAG_REF)) < 0)
-            return ret;
          if (avctx->codec_id == AV_CODEC_ID_APNG && s->last_dispose_op != APNG_DISPOSE_OP_PREVIOUS) {
              ff_thread_release_buffer(avctx, &s->previous_picture);
              if ((ret = ff_thread_get_buffer(avctx, &s->previous_picture, AV_GET_BUFFER_FLAG_REF)) < 0)
                  return ret;
          }
+        if ((ret = ff_thread_get_buffer(avctx, &s->picture, AV_GET_BUFFER_FLAG_REF)) < 0)
+            return ret;
          p->pict_type        = AV_PICTURE_TYPE_I;
          p->key_frame        = 1;
          p->interlaced_frame = !!s->interlace_type;
author	Paul B Mahol <onemda@gmail.com>
	Thu, 11 Feb 2021 21:56:41 +0000 (22:56 +0100)
committer	Paul B Mahol <onemda@gmail.com>
	Sat, 13 Feb 2021 12:24:45 +0000 (13:24 +0100)