[FFmpeg-trac] #4777(undetermined:open): Double free for -reset_timestamps 1 -f segment (was: FFMPEG Malloc crash, all versions OS X, lnx, windows)
FFmpeg
trac at avcodec.org
Tue Aug 18 14:50:55 CEST 2015
#4777: Double free for -reset_timestamps 1 -f segment
-------------------------------------+-------------------------------------
Reporter: tommes | Owner:
Type: defect | Status: open
Priority: important | Component:
Version: git-master | undetermined
Keywords: crash | Resolution:
regression | Blocked By:
Blocking: | Reproduced by developer: 1
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Changes (by cehoyos):
* keywords: crash => crash regression
* status: new => open
* reproduced: 0 => 1
Comment:
Regression since e5bae39f46e55843c025d280ed5441e358e59f2e
{{{
$ valgrind ./ffmpeg_g -i fate-suite/lena.pnm -reset_timestamps 1 -f
segment out%1d.avi
==21072== Memcheck, a memory error detector
==21072== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==21072== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
info
==21072== Command: ./ffmpeg_g -i fate-suite/lena.pnm -reset_timestamps 1
-f segment out%1d.avi
==21072==
ffmpeg version N-74483-gb807f7e Copyright (c) 2000-2015 the FFmpeg
developers
built with gcc 4.7 (SUSE Linux)
configuration: --enable-gpl
libavutil 54. 30.100 / 54. 30.100
libavcodec 56. 57.100 / 56. 57.100
libavformat 56. 40.101 / 56. 40.101
libavdevice 56. 4.100 / 56. 4.100
libavfilter 5. 34.100 / 5. 34.100
libswscale 3. 1.101 / 3. 1.101
libswresample 1. 2.101 / 1. 2.101
libpostproc 53. 3.100 / 53. 3.100
Input #0, image2, from 'fate-suite/lena.pnm':
Duration: 00:00:00.04, start: 0.000000, bitrate: 39333 kb/s
Stream #0:0: Video: ppm, rgb24, 256x256, 25 tbr, 25 tbn, 25 tbc
==21072== Invalid read of size 8
==21072== at 0x777A59F: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==21072== by 0x772E8A5: ____strtod_l_internal (in /lib64/libc-2.15.so)
==21072== by 0xF78FCE: av_strtod (eval.c:100)
==21072== by 0xF79814: parse_primary (eval.c:333)
==21072== by 0xF7A2C0: parse_factor (eval.c:493)
==21072== by 0xF7A4BB: parse_term (eval.c:542)
==21072== by 0xF7955E: parse_expr (eval.c:566)
==21072== by 0xF7A6C5: av_expr_parse (eval.c:684)
==21072== by 0xF7A893: av_expr_parse_and_eval (eval.c:725)
==21072== by 0x5167CE: config_props (vf_scale.c:267)
==21072== by 0x4A5B80: avfilter_config_links (avfilter.c:262)
==21072== by 0x4A5B63: avfilter_config_links (avfilter.c:251)
==21072== Address 0xb814fc0 is 0 bytes inside a block of size 3 alloc'd
==21072== at 0x4C290FE: memalign (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21072== by 0xF82B09: av_malloc (mem.c:97)
==21072== by 0xF7A608: av_expr_parse (eval.c:661)
==21072== by 0xF7A893: av_expr_parse_and_eval (eval.c:725)
==21072== by 0x5167CE: config_props (vf_scale.c:267)
==21072== by 0x4A5B80: avfilter_config_links (avfilter.c:262)
==21072== by 0x4A5B63: avfilter_config_links (avfilter.c:251)
==21072== by 0x4A9FE6: avfilter_graph_config (avfiltergraph.c:275)
==21072== by 0x486CD4: configure_filtergraph (ffmpeg_filter.c:1042)
==21072== by 0x48C25A: transcode_init (ffmpeg.c:2996)
==21072== by 0x491E05: transcode (ffmpeg.c:3928)
==21072==
==21072== Invalid read of size 8
==21072== at 0x777A5A7: __GI___strncasecmp_l (in /lib64/libc-2.15.so)
==21072== by 0x772E8A5: ____strtod_l_internal (in /lib64/libc-2.15.so)
==21072== by 0xF78FCE: av_strtod (eval.c:100)
==21072== by 0xF79814: parse_primary (eval.c:333)
==21072== by 0xF7A2C0: parse_factor (eval.c:493)
==21072== by 0xF7A4BB: parse_term (eval.c:542)
==21072== by 0xF7955E: parse_expr (eval.c:566)
==21072== by 0xF7A6C5: av_expr_parse (eval.c:684)
==21072== by 0xF7A893: av_expr_parse_and_eval (eval.c:725)
==21072== by 0x5167CE: config_props (vf_scale.c:267)
==21072== by 0x4A5B80: avfilter_config_links (avfilter.c:262)
==21072== by 0x4A5B63: avfilter_config_links (avfilter.c:251)
==21072== Address 0xb814fc8 is 5 bytes after a block of size 3 alloc'd
==21072== at 0x4C290FE: memalign (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x4C291A7: posix_memalign (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21072== by 0xF82B09: av_malloc (mem.c:97)
==21072== by 0xF7A608: av_expr_parse (eval.c:661)
==21072== by 0xF7A893: av_expr_parse_and_eval (eval.c:725)
==21072== by 0x5167CE: config_props (vf_scale.c:267)
==21072== by 0x4A5B80: avfilter_config_links (avfilter.c:262)
==21072== by 0x4A5B63: avfilter_config_links (avfilter.c:251)
==21072== by 0x4A9FE6: avfilter_graph_config (avfiltergraph.c:275)
==21072== by 0x486CD4: configure_filtergraph (ffmpeg_filter.c:1042)
==21072== by 0x48C25A: transcode_init (ffmpeg.c:2996)
==21072== by 0x491E05: transcode (ffmpeg.c:3928)
==21072==
Output #0, segment, to 'out%1d.avi':
Metadata:
encoder : Lavf56.40.101
Stream #0:0: Video: mpeg4, yuv420p, 256x256, q=2-31, 200 kb/s, 25 fps,
25 tbn, 25 tbc
Metadata:
encoder : Lavc56.57.100 mpeg4
Stream mapping:
Stream #0:0 -> #0:0 (ppm (native) -> mpeg4 (native))
Press [q] to stop, [?] for help
==21072== Invalid read of size 8
==21072== at 0xF82D23: av_freep (mem.c:247)
==21072== by 0x6BC9A3: av_free_packet (avpacket.c:275)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072== Address 0xb83bdf0 is 0 bytes inside a block of size 16 free'd
==21072== at 0x4C29D4E: free (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x6BC9B4: av_free_packet (avpacket.c:276)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x605E44: ff_write_chained (mux.c:1043)
==21072== by 0x65B596: seg_write_packet (segment.c:836)
==21072== by 0x6042BC: write_packet (mux.c:641)
==21072== by 0x60591D: av_interleaved_write_frame (mux.c:951)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072==
==21072== Invalid write of size 8
==21072== at 0xF82D26: av_freep (mem.c:248)
==21072== by 0x6BC9A3: av_free_packet (avpacket.c:275)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072== Address 0xb83bdf0 is 0 bytes inside a block of size 16 free'd
==21072== at 0x4C29D4E: free (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x6BC9B4: av_free_packet (avpacket.c:276)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x605E44: ff_write_chained (mux.c:1043)
==21072== by 0x65B596: seg_write_packet (segment.c:836)
==21072== by 0x6042BC: write_packet (mux.c:641)
==21072== by 0x60591D: av_interleaved_write_frame (mux.c:951)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072==
==21072== Invalid free() / delete / delete[] / realloc()
==21072== at 0x4C29D4E: free (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x6BC9B4: av_free_packet (avpacket.c:276)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072== Address 0xb83bdf0 is 0 bytes inside a block of size 16 free'd
==21072== at 0x4C29D4E: free (in /usr/lib64/valgrind
/vgpreload_memcheck-amd64-linux.so)
==21072== by 0x6BC9B4: av_free_packet (avpacket.c:276)
==21072== by 0x605869: av_interleaved_write_frame (mux.c:955)
==21072== by 0x605E44: ff_write_chained (mux.c:1043)
==21072== by 0x65B596: seg_write_packet (segment.c:836)
==21072== by 0x6042BC: write_packet (mux.c:641)
==21072== by 0x60591D: av_interleaved_write_frame (mux.c:951)
==21072== by 0x48D101: write_frame (ffmpeg.c:781)
==21072== by 0x48E3D2: do_video_out (ffmpeg.c:1220)
==21072== by 0x48F5D6: reap_filters (ffmpeg.c:1383)
==21072== by 0x4927FD: transcode (ffmpeg.c:3914)
==21072== by 0x475DBA: main (ffmpeg.c:4140)
==21072==
frame= 1 fps=0.0 q=3.8 Lsize=N/A time=00:00:00.04 bitrate=N/A
video:11kB audio:0kB subtitle:0kB other streams:0kB global headers:0kB
muxing overhead: unknown
==21072==
==21072== HEAP SUMMARY:
==21072== in use at exit: 97 bytes in 3 blocks
==21072== total heap usage: 2,019 allocs, 2,017 frees, 4,749,723 bytes
allocated
==21072==
==21072== LEAK SUMMARY:
==21072== definitely lost: 9 bytes in 1 blocks
==21072== indirectly lost: 0 bytes in 0 blocks
==21072== possibly lost: 0 bytes in 0 blocks
==21072== still reachable: 88 bytes in 2 blocks
==21072== suppressed: 0 bytes in 0 blocks
==21072== Rerun with --leak-check=full to see details of leaked memory
==21072==
==21072== For counts of detected and suppressed errors, rerun with: -v
==21072== ERROR SUMMARY: 9 errors from 5 contexts (suppressed: 2 from 2)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/4777#comment:3>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list