[FFmpeg-trac] #3773(avfilter:new): regression: h264_mp4toannexb crashes
FFmpeg
trac at avcodec.org
Wed Jul 16 18:01:14 CEST 2014
#3773: regression: h264_mp4toannexb crashes
----------------------------------+---------------------------------------
Reporter: vi | Type: defect
Status: new | Priority: normal
Component: avfilter | Version: unspecified
Keywords: h264 | Blocked By:
Blocking: | Reproduced by developer: 0
Analyzed by developer: 0 |
----------------------------------+---------------------------------------
How to reproduce:
{{{
% ffmpeg -i somevideo.mp4 -an -vcodec copy -bsf h264_mp4toannexb -f h264
-y /dev/null
}}}
Starting from commit 07941c2cb28d6a80f628e035d61ab437d9719bf0 (according
to git-bisect) to current master's
9bc0410e4f891719b54a5788665526e22d94bb50.
ef1d4ee2f8b621a009d482d5b183a905bcb1cd74 works well.
MALLOC_CHECK_=1 works around the problem, the problem is clearly seen in
valgrind.
{{{
==5806== Invalid read of size 4
==5806== at 0x80F527A: av_packet_free_side_data (avpacket.c:276)
==5806== by 0x80F531D: av_free_packet (avpacket.c:296)
==5806== by 0x80D5144: av_interleaved_write_frame (mux.c:898)
==5806== by 0x8061114: write_frame (ffmpeg.c:689)
==5806== by 0x80660D2: do_streamcopy (ffmpeg.c:1694)
==5806== by 0x80688E9: output_packet (ffmpeg.c:2187)
==5806== by 0x806EB49: process_input (ffmpeg.c:3515)
==5806== by 0x744F584: (below main) (libc-start.c:276)
==5806== Address 0x7aa96e0 is 0 bytes inside a block of size 12 free'd
==5806== at 0x4D5050C: free (vg_replace_malloc.c:427)
==5806== by 0x8436EC6: av_free (mem.c:232)
==5806== by 0x8436EE3: av_freep (mem.c:239)
==5806== by 0x80F52A4: av_packet_free_side_data (avpacket.c:277)
==5806== by 0x80F531D: av_free_packet (avpacket.c:296)
==5806== by 0x8060A04: write_frame (ffmpeg.c:621)
==5806== by 0x80660D2: do_streamcopy (ffmpeg.c:1694)
==5806== by 0x80688E9: output_packet (ffmpeg.c:2187)
==5806== by 0x806EB49: process_input (ffmpeg.c:3515)
==5806== by 0x744F584: (below main) (libc-start.c:276)
==5806==
==5806== Invalid free() / delete / delete[] / realloc()
==5806== at 0x4D5050C: free (vg_replace_malloc.c:427)
==5806== by 0x8436EC6: av_free (mem.c:232)
==5806== by 0x80F5283: av_packet_free_side_data (avpacket.c:276)
==5806== by 0x80F531D: av_free_packet (avpacket.c:296)
==5806== by 0x80D5144: av_interleaved_write_frame (mux.c:898)
==5806== by 0x8061114: write_frame (ffmpeg.c:689)
==5806== by 0x80660D2: do_streamcopy (ffmpeg.c:1694)
==5806== by 0x80688E9: output_packet (ffmpeg.c:2187)
==5806== by 0x806EB49: process_input (ffmpeg.c:3515)
==5806== by 0x744F584: (below main) (libc-start.c:276)
==5806== Address 0x9354340 is 0 bytes inside a block of size 68 free'd
==5806== at 0x4D5050C: free (vg_replace_malloc.c:427)
==5806== by 0x8436EC6: av_free (mem.c:232)
==5806== by 0x80F5283: av_packet_free_side_data (avpacket.c:276)
==5806== by 0x80F531D: av_free_packet (avpacket.c:296)
==5806== by 0x8060A04: write_frame (ffmpeg.c:621)
==5806== by 0x80660D2: do_streamcopy (ffmpeg.c:1694)
==5806== by 0x80688E9: output_packet (ffmpeg.c:2187)
==5806== by 0x806EB49: process_input (ffmpeg.c:3515)
==5806== by 0x744F584: (below main) (libc-start.c:276)
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/3773>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
More information about the FFmpeg-trac
mailing list