[FFmpeg-trac] #2905(undetermined:new): Regression: Double free
FFmpeg
trac at avcodec.org
Thu Aug 29 17:17:18 CEST 2013
#2905: Regression: Double free
-------------------------------------+-------------------------------------
Reporter: Krieger | Owner:
Type: defect | Status: new
Priority: important | Component: undetermined
Version: git-master | Resolution:
Keywords: crash regression | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
-------------------------------------+-------------------------------------
Comment (by Krieger):
$ cat ~/.valgrindrc
--memcheck:num-callers=50
--memcheck:leak-check=full
--memcheck:leak-resolution=high
--memcheck:track-origins=yes
--memcheck:show-reachable=yes
--memcheck:show-possibly-lost=yes
--memcheck:malloc-fill=11
--memcheck:free-fill=33
[OK]
18:15:40krieger at zver /usr/local/src/ffmpeg
$ valgrind /usr/local/src/ffmpeg/ffmpeg -i sample.ts -t 0.1 -filter:v fps=fps=30 -vcodec libx264 -b:v 2000000 -y out.ts
==9253== Memcheck, a memory error detector
==9253== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==9253== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==9253== Command: /usr/local/src/ffmpeg/ffmpeg -i sample.ts -t 0.1 -filter:v fps=fps=30 -vcodec libx264 -b:v 2000000 -y out.ts
==9253==
ffmpeg version N-55787-gabe76b8 Copyright (c) 2000-2013 the FFmpeg developers
built on Aug 29 2013 17:45:47 with gcc 4.6.3 (Gentoo 4.6.3 p1.13, pie-0.5.2)
configuration: --enable-gpl --enable-libx264 --enable-encoder=libx264 --disable-stripping --enable-debug --extra-cflags='-O0 -g -ggdb'
libavutil 52. 42.100 / 52. 42.100
libavcodec 55. 29.100 / 55. 29.100
libavformat 55. 14.102 / 55. 14.102
libavdevice 55. 3.100 / 55. 3.100
libavfilter 3. 82.102 / 3. 82.102
libswscale 2. 5.100 / 2. 5.100
libswresample 0. 17.103 / 0. 17.103
libpostproc 52. 3.100 / 52. 3.100
[mpegts @ 0x7519e60] PES packet size mismatch
Last message repeated 1 times
Input #0, mpegts, from 'sample.ts':
Duration: 00:00:00.43, start: 1.400000, bitrate: 1888 kb/s
Program 1
Metadata:
service_name : Service01
service_provider: FFmpeg
Stream #0:0[0x100]: Video: h264 (High 4:4:4 Predictive) ([27][0][0][0] / 0x001B), yuv444p, 1280x1024, 29.97 fps, 29.97 tbr, 90k tbn, 59.94 tbc
No pixel format specified, yuv444p for H.264 encoding chosen.
Use -pix_fmt yuv420p for compatibility with outdated media players.
[libx264 @ 0x81785c0] using cpu capabilities: none!
[libx264 @ 0x81785c0] profile High 4:4:4 Predictive, level 3.2, 4:4:4 8-bit
Output #0, mpegts, to 'out.ts':
Metadata:
encoder : Lavf55.14.102
Stream #0:0: Video: h264 (libx264), yuv444p, 1280x1024, q=-1--1, 2000 kb/s, 90k tbn, 30 tbc
Stream mapping:
Stream #0:0 -> #0:0 (h264 -> libx264)
Press [q] to stop, [?] for help
==9253== Invalid write of size 8 0kB time=00:00:00.00 bitrate=N/A
==9253== at 0x4A35C4: filter_frame (vf_fps.c:255)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1628 is 200 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0x482650: ff_filter_frame_framed (avfilter.c:1030)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1628 is 200 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 4
==9253== at 0xB828D4: av_frame_unref (frame.c:339)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1788 is 552 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0xB828F0: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x1e2d1780 is 544 bytes inside a block of size 624 free'd
==9253== at 0x4C2B2CC: free (vg_replace_malloc.c:446)
==9253== by 0xB88B5B: av_freep (mem.c:210)
==9253== by 0x491EFD: trim_filter_frame (trim.c:193)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x47122C: process_input (ffmpeg.c:3085)
==9253== by 0x4600DD: main (ffmpeg.c:3181)
==9253==
==9253== Invalid read of size 8
==9253== at 0xB828FB: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
==9253== Address 0x3333333333333333 is not stack'd, malloc'd or (recently) free'd
==9253==
==9253==
==9253== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==9253== General Protection Fault
==9253== at 0xB828FB: av_frame_unref (frame.c:340)
==9253== by 0xB82F95: av_frame_free (frame.c:112)
==9253== by 0x48289D: ff_filter_frame_framed (avfilter.c:985)
==9253== by 0x482A70: default_filter_frame (avfilter.c:1125)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x4A35CF: filter_frame (vf_fps.c:257)
==9253== by 0x48270C: ff_filter_frame_framed (avfilter.c:1051)
==9253== by 0x4848B8: ff_filter_frame (avfilter.c:1125)
==9253== by 0x488361: request_frame (buffersrc.c:491)
==9253== by 0x488665: av_buffersrc_add_frame_internal (buffersrc.c:170)
==9253== by 0x48878D: av_buffersrc_add_frame_flags (buffersrc.c:107)
==9253== by 0x46F0DD: output_packet (ffmpeg.c:1744)
==9253== by 0x45FC63: main (ffmpeg.c:3253)
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/2905#comment:4>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker