From 63231fa8d30f41045658d6c382b00fe1ebe18d05 Mon Sep 17 00:00:00 2001 From: Paul B Mahol Date: Thu, 11 Feb 2021 22:56:41 +0100 Subject: [PATCH] avcodec/pngdec: fix possible race condition with APNG decoding Fixes #9017 --- libavcodec/pngdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index 395b86bbe7..61642b7cbe 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -711,13 +711,13 @@ static int decode_idat_chunk(AVCodecContext *avctx, PNGDecContext *s, s->bpp += byte_depth; } - if ((ret = ff_thread_get_buffer(avctx, &s->picture, AV_GET_BUFFER_FLAG_REF)) < 0) - return ret; if (avctx->codec_id == AV_CODEC_ID_APNG && s->last_dispose_op != APNG_DISPOSE_OP_PREVIOUS) { ff_thread_release_buffer(avctx, &s->previous_picture); if ((ret = ff_thread_get_buffer(avctx, &s->previous_picture, AV_GET_BUFFER_FLAG_REF)) < 0) return ret; } + if ((ret = ff_thread_get_buffer(avctx, &s->picture, AV_GET_BUFFER_FLAG_REF)) < 0) + return ret; p->pict_type = AV_PICTURE_TYPE_I; p->key_frame = 1; p->interlaced_frame = !!s->interlace_type;