Closed Bug 1543360 Opened 5 years ago Closed 5 years ago

Dav1d wrapper must expect a data free callback after close.

Categories

(Core :: Audio/Video: Playback, defect, P2)

Product:
Core
Component:
Audio/Video: Playback
Version:
66 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: achronop, Unassigned)

Details

In libdav1d code flow is possible to have a data free callback [1] after dav1d_close() [2]. This has been confirmed with dav1d's developers in IRC, I have not been able to reproduce it locally though. Currently we are not expecting that, and we assume that nothing happens after close. This must have created the low traffic crashes in bug 1540231.

Please note, this is blocked behind Bug 1543350. Even if dav1d wrapper had the correct logging, proper shutdown would not be possible without RDD keeping the decoder and TaskQueue alive until the end of the shutdown.

[1] https://code.videolan.org/videolan/dav1d/blob/master/include/dav1d/data.h#L68
[2] https://code.videolan.org/videolan/dav1d/blob/master/include/dav1d/dav1d.h#L187

Our architecture just can't allow for this. It will always lead to either data races or UAF. In fact the callback address provided to david is no longer valid the instant the dav1d wrapper is shutdown.

This must be resolved in dav1d.

I leave this open for now to track the problem, but the entire concept of a callback that may be called after the object has been shutdown is nonsensical.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
No longer depends on: 1543350
You need to log in before you can comment on or make changes to this bug.