[Ffmpeg-devel] segfault in ff_mpeg1_find_frame_end()

Stefan Lucke stefan
Sat May 14 00:04:08 CEST 2005


Ok, back to list.

On Thursday, 12 May 2005 21:55, Stefan Lucke wrote:

> Now I think it could be fixed in softdevice. At least when replacing
> av_read_packet() by av_read_frame() it doesn't crash anymore.


On Friday, 13 May 2005 23:30, Måns Rullgård wrote:
> Stefan Lucke <stefan at lucke.in-berlin.de> writes:
> 
> > Hi Måns,
> >
> > Sorry for contacting you privately, but no one seems to be interested in
> > this problem.
> 
> It's still better to post to the list.  Even if it has sparked little
> interest in the past, it may catch someone's attention.
> 
> > In contrast to my post yesterday, I got a crash when using
> > av_read_frame() too. At the time it crashed I was using the softplay
> > plugin for vdr. So softdevice was not fed with data from vdr.
> >
> > I uploaded my sample to: http://www.lucke.in-berlin.de
> > file: crash.2.4_3-16_9.001.vdr
> >
> > I just need some help in locating the crash.
> 
> Decoding that file with ffmpeg is perfectly valgrind-clean.  Without
> any evidence suggesting otherwise, I'd say the bug is in vdr.  Have
> you reported it there?
> 

No. At the time the crash happened the file was read via softplay.
Softplay feeds data directly to softdevice. So vdr has no chance to
do anything with the data.

I just made some progress. At the beginning of the function MPV_common_end()
there is an av_freep() for the parser buffer, and the parser buffer_size
is set to 0. But I think pointers into the parse buffer are still
present. So I commented out these two lines, and even with av_read_packet()
I get __no__ crash.

I ran valgrind with the modified code, and there are no new leaks compared
to a run without my modification.

valgrind with mod:
==10680==
==10680== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 23 from 1)
==10680== malloc/free: in use at exit: 65552 bytes in 2 blocks.
==10680== malloc/free: 6420 allocs, 6418 frees, 25955096 bytes allocated.
==10680== For counts of detected errors, rerun with: -v
==10680== searching for pointers to 2 not-freed blocks.
==10680== checked 573456 bytes.
==10680==
==10680== 65552 bytes in 2 blocks are still reachable in loss record 1 of 1
==10680==    at 0x1B907045: memalign (vg_replace_malloc.c:216)
==10680==    by 0x1B9B9817: av_malloc (in /usr/local/lib/libavcodec-0.4.9-pre1.so)
==10680==    by 0x1B9B7BE0: av_mallocz (in /usr/local/lib/libavcodec-0.4.9-pre1.so)
==10680==    by 0x1B9BB37C: (within /usr/local/lib/libavcodec-0.4.9-pre1.so)
==10680==    by 0x1B9BC4B7: MPV_encode_init (in /usr/local/lib/libavcodec-0.4.9-pre1.so)
==10680==    by 0x1BAA3A56: (within /usr/local/lib/libavcodec-0.4.9-pre1.so)
==10680==    by 0x1B9B86E0: avcodec_open (in /usr/local/lib/libavcodec-0.4.9-pre1.so)
==10680==    by 0x804DBD4: av_encode (ffmpeg.c:1749)
==10680==    by 0x8052AB1: main (ffmpeg.c:4231)
==10680==
==10680== LEAK SUMMARY:
==10680==    definitely lost: 0 bytes in 0 blocks.
==10680==      possibly lost: 0 bytes in 0 blocks.
==10680==    still reachable: 65552 bytes in 2 blocks.
==10680==         suppressed: 0 bytes in 0 blocks.

valgrind _without_ mod:
==9866==
==9866== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 23 from 1)
==9866== malloc/free: in use at exit: 65552 bytes in 2 blocks.
==9866== malloc/free: 6420 allocs, 6418 frees, 25955096 bytes allocated.
==9866== For counts of detected errors, rerun with: -v
==9866== searching for pointers to 2 not-freed blocks.
==9866== checked 573456 bytes.
==9866==
==9866== 65552 bytes in 2 blocks are still reachable in loss record 1 of 1
==9866==    at 0x1B907045: memalign (vg_replace_malloc.c:216)
==9866==    by 0x1B9B9817: av_malloc (in /usr/local/lib/libavcodec-0.4.9-pre1.so)
==9866==    by 0x1B9B7BE0: av_mallocz (in /usr/local/lib/libavcodec-0.4.9-pre1.so)
==9866==    by 0x1B9BB37C: (within /usr/local/lib/libavcodec-0.4.9-pre1.so)
==9866==    by 0x1B9BC4D7: MPV_encode_init (in /usr/local/lib/libavcodec-0.4.9-pre1.so)
==9866==    by 0x1BAA3A76: (within /usr/local/lib/libavcodec-0.4.9-pre1.so)
==9866==    by 0x1B9B86E0: avcodec_open (in /usr/local/lib/libavcodec-0.4.9-pre1.so)
==9866==    by 0x804DBD4: av_encode (ffmpeg.c:1749)
==9866==    by 0x8052AB1: main (ffmpeg.c:4231)
==9866==
==9866== LEAK SUMMARY:
==9866==    definitely lost: 0 bytes in 0 blocks.
==9866==      possibly lost: 0 bytes in 0 blocks.
==9866==    still reachable: 65552 bytes in 2 blocks.
==9866==         suppressed: 0 bytes in 0 blocks.

My modification:
--- cut ---
Index: libavcodec/mpegvideo.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/mpegvideo.c,v
retrieving revision 1.482
diff -U3 -r1.482 mpegvideo.c
--- libavcodec/mpegvideo.c      12 May 2005 01:31:11 -0000      1.482
+++ libavcodec/mpegvideo.c      13 May 2005 21:57:49 -0000
@@ -809,8 +809,8 @@
         av_freep(&s->thread_context[i]);
     }

-    av_freep(&s->parse_context.buffer);
-    s->parse_context.buffer_size=0;
+    //av_freep(&s->parse_context.buffer);
+    //s->parse_context.buffer_size=0;

     av_freep(&s->mb_type);
     av_freep(&s->p_mv_table_base);
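Review bot: disabling the av_freep(&s->parse_context.buffer) and the buffer_size reset at the top of this hunk hides the defect instead of fixing it. By your own description, pointers into the parse buffer are still present after MPV_common_end() runs the free, so the crash in ff_mpeg1_find_frame_end() is a use of freed memory; keeping the buffer allocated only means those stale pointers keep reading valid memory, and the parse buffer is now never released for a context that is torn down. The fix belongs with whatever still references parse_context.buffer after the context ends (clear or re-validate those references when the buffer goes away), not in removing the free. If something along these lines were submitted, the two lines should be deleted rather than left as `//` comments.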
--- cut ---


-- 
Stefan Lucke
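As an added illustration of the failure mode described in this thread (not code from ffmpeg or from this mail), here is a toy parser context whose index only makes sense while buffer exists, a teardown that frees only the buffer the way the two disabled lines do, and a teardown that also resets the fields that depend on it. combine_frame checks the invariant index <= buffer_size so that a stale index is reported rather than dereferenced; struct, field and function names are assumed, and the scan looks only for the MPEG-1 picture start code 0x00000100.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Model of the parser state discussed above (assumed names, not libavcodec's real ParseContext). */
typedef struct {
    uint8_t *buffer;      /* bytes carried over from earlier packets */
    int      buffer_size; /* allocated size of buffer */
    int      index;       /* valid bytes in buffer; only meaningful while buffer exists */
} ParseCtx;
#define PICTURE_START_CODE 0x00000100u

/* Offset where the first buffered picture ends (the next picture start code), or -1. */
static int find_frame_end(const uint8_t *buf, int n) {
    uint32_t state = 0xFFFFFFFFu; int found = 0;
    for (int i = 0; i < n; i++) {
        state = (state << 8) | buf[i];
        if (state != PICTURE_START_CODE) continue;
        if (found) return i - 3;           /* the start code began 3 bytes earlier */
        found = 1;
    }
    return -1;
}

/* Append a packet and scan: 0 with *frame_len set when a picture is complete,
 * -1 when more data is needed, -2 when index refers to bytes that no longer exist. */
static int combine_frame(ParseCtx *pc, const uint8_t *buf, int n, int *frame_len) {
    if (pc->index < 0 || pc->index > pc->buffer_size)
        return -2;                         /* stale index: buffer was freed under it */
    if (pc->index + n > pc->buffer_size) {
        uint8_t *nbuf = realloc(pc->buffer, (size_t)(pc->index + n + 64));
        if (!nbuf) return -2;
        pc->buffer = nbuf; pc->buffer_size = pc->index + n + 64;
    }
    memcpy(pc->buffer + pc->index, buf, (size_t)n);
    pc->index += n;
    int end = find_frame_end(pc->buffer, pc->index);
    if (end < 0) return -1;
    *frame_len = end;
    memmove(pc->buffer, pc->buffer + end, (size_t)(pc->index - end));
    pc->index -= end;                      /* keep the tail for the next picture */
    return 0;
}

/* Mirrors the two lines the hunk disables: buffer freed and buffer_size zeroed,
 * while index still describes bytes inside the freed block. */
static void common_end_partial(ParseCtx *pc) { free(pc->buffer); pc->buffer = NULL; pc->buffer_size = 0; }

/* Hardened teardown: every field that refers into the buffer is reset with it. */
static void common_end_safe(ParseCtx *pc) { free(pc->buffer); memset(pc, 0, sizeof *pc); }
```

Feeding two constructed packets (a picture start code, payload, then a second start code split across the packet boundary) completes one picture of 7 bytes; after common_end_partial the next call returns -2 instead of reading freed memory, while after common_end_safe parsing resumes cleanly.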