[FFmpeg-devel] [PATCH] Fix a crash when adding many video clips to a kdenlive project:

Michael Niedermayer michaelni at gmx.at
Wed Aug 31 14:38:31 CEST 2011


Hi Mikko

On Sat, Aug 27, 2011 at 07:02:47PM +0300, Mikko Rapeli wrote:
> *** glibc detected *** /usr/bin/kdenlive: munmap_chunk(): invalid pointer: 0x6b6b6961 ***
> ======= Backtrace: =========
> /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6aac1)[0xb5c36ac1]
> /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6bd3e)[0xb5c37d3e]
> /usr/lib/i386-linux-gnu/i686/cmov/libavutil.so.51(av_freep+0x12)[0xb0223632]
> ======= Memory map: ========
> 
> (gdb) bt full
> No symbol table info available.
>     at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
>         resultvar = <optimized out>
>         pid = -1244520460
>         selftid = 6048
>         act = {__sigaction_handler = {
>             sa_handler = 0xb7fff4e4 <_rtld_global+1220>,
>             sa_sigaction = 0xb7fff4e4 <_rtld_global+1220>}, sa_mask = {
>             __val = {851968, 2955052656, 2954984288, 2893854976, 3078,
>               2893854944, 2954980608, 2954979420, 0, 77, 2893854788,
>               3049852392, 9, 2893854872, 3050446836, 3, 2893856332,
>               2893854992, 3049970916, 56, 2893854872, 9, 0, 2893854968,
>               2893854980, 7, 3050301468, 3050301464, 3050296943, 3050297008,
>               18, 2893854872}}, sa_flags = -1401112352,
>           sa_restorer = 0xb5cffbf6}
>         sigs = {__val = {32, 0 <repeats 31 times>}}
>     fmt=0xb5d01a90 "*** glibc detected *** %s: %s: 0x%s ***\n")
>     at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
>         ap = <optimized out>
> ---Type <return> to continue, or q <return> to quit---
>         fd = -1401111992
>         on_2 = <optimized out>
>         list = <optimized out>
>         nlist = <optimized out>
>         cp = <optimized out>
>         written = false
>     str=0x6 <Address 0x6 out of bounds>, ptr=0x6b6b6961) at malloc.c:6283
>         buf = "6b6b6961"
>         cp = <optimized out>
>         __func__ = "munmap_chunk"
>         block = <optimized out>
>         total_size = 4294967287
>         ret = <optimized out>
> No locals.
>         ptr = 0x134a3d9c
> No locals.
>     at producer_avformat.c:2452
> ---Type <return> to continue, or q <return> to quit---
>         producer = 0x125e82d8
>         context = <optimized out>
>         properties = 0x125e82d8
>         frame_properties = 0x1269e288
>         index = 1
>     at producer_avformat.c:2530
>         service = 0x125e82d8
>         cache_item = <optimized out>
>         self = 0xffcecc8
>         position = <optimized out>
>     index=0) at mlt_producer.c:584
>         properties = 0x125e82d8
>         eof = <optimized out>
>         speed = 1
>         clone = <optimized out>
>         result = 1
>         self = 0x125e82d8
>     index=0) at mlt_service.c:481
>         new_position = 1
>         previous_frame = <optimized out>
> ---Type <return> to continue, or q <return> to quit---
>         next_frame = <optimized out>
>         properties = 0x121abef0
>         in = 0
>         out = 1996
>         position = 0
>         result = <optimized out>
>     at MltService.cpp:95
>         frame = 0x121abef0
>         result = 0xb7f8db37
>     at /home/mcfrisk/src/kdenlive-git/src/kthumb.cpp:408
>         mlt_frame = <optimized out>
>         z = 0
>         producer = {<Mlt::Service> = {<Mlt::Properties> = {
>               _vptr.Properties = 0xb7f971f8, instance = 0x0}, instance = 0x0},
>           instance = 0x125e82d8, parent_ = 0x0}
>         __PRETTY_FUNCTION__ = "void KThumb::slotCreateAudioThumbs()"
>         last_val = 0
>         val = 0
>         prof = {instance = 0xf7b71b8}
>     at /usr/include/qt4/QtCore/qtconcurrentrunbase.h:120
> ---Type <return> to continue, or q <return> to quit---
> No locals.
>     at /usr/include/qt4/QtCore/qtconcurrentrunbase.h:114
> No locals.
>     at concurrent/qthreadpool.cpp:106
>         r = 0x644a3e70
>         expired = <optimized out>
>         locker = {val = 218480224}
>     at thread/qthread_unix.cpp:320
>         __clframe = {
>           __cancel_routine = 0xb7c48400 <QThreadPrivate::finish(void*)>,
>           __cancel_arg = 0x87ddef0, __do_it = 1,
>           __cancel_type = <optimized out>}
>         thr = 0x87ddef0
>         data = 0xd05c2f8
>         __res = <optimized out>
>         __ignore1 = <optimized out>
>         __ignore2 = <optimized out>
>         pd = 0xac7ccb70
>         now = <optimized out>
> ---Type <return> to continue, or q <return> to quit---
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1220292620, 0, 4001536,
>                 -1401109448, 766084995, 1370961333}, mask_was_saved = 0}},
>           priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0,
>               cleanup = 0x0, canceltype = 0}}}
>         not_first_call = <optimized out>
>         freesize = <optimized out>
>         __PRETTY_FUNCTION__ = "start_thread"
> No locals.
> Backtrace stopped: Not enough registers or memory available to unwind further
> ---
>  libavcodec/utils.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/libavcodec/utils.c b/libavcodec/utils.c
> index ee1bfcc..4ad902b 100644
> --- a/libavcodec/utils.c
> +++ b/libavcodec/utils.c
> @@ -886,8 +886,8 @@ av_cold int avcodec_close(AVCodecContext *avctx)
>      avctx->coded_frame = NULL;
>      if (avctx->codec && avctx->codec->priv_class)
>          av_opt_free(avctx->priv_data);
> -    av_opt_free(avctx);
>      av_freep(&avctx->priv_data);
> +    av_opt_free(avctx);
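
Review bot: Nothing in the commit message says why av_opt_free(avctx) has to run after av_freep(&avctx->priv_data) in avcodec_close(), and the two calls take different arguments (avctx and &avctx->priv_data), so the hunk alone shows no dependency between them. The quoted backtrace also never names avcodec_close; it shows av_freep reached from producer_avformat.c:2452, so the link between the crash and this function is not demonstrated. The rejected pointer 0x6b6b6961 consists entirely of printable ASCII bytes (0x61 'a', 0x69 'i', 0x6b 'k', 0x6b 'k'), which points toward a pointer overwritten with string data or freed twice somewhere else; reordering the frees could move or hide that rather than fix it. Please state in the commit message which field is freed or reused by both calls, and attach a valgrind or other memory-checker run showing the first invalid write or free.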

Can you explain why you think the order of these 2 functions can
trigger a bug?
Also, valgrind output should help in understanding the bug.

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I hate to see young programmers poisoned by the kind of thinking
Ulrich Drepper puts forward since it is simply too narrow -- Roman Shaposhnik