[FFmpeg-trac] #4961(avformat:new): Invalid free(); ffio_ensure_seekback (aviobuf.c:829)

FFmpeg trac at avcodec.org
Sat Oct 24 00:35:38 CEST 2015


#4961: Invalid free(); ffio_ensure_seekback (aviobuf.c:829)
------------------------------------+------------------------------------
             Reporter:  minde       |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  normal      |                Component:  avformat
              Version:  git-master  |               Resolution:
             Keywords:              |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
------------------------------------+------------------------------------

Comment (by minde):

 it seems that the problem comes from ffmpeg at aviobuf.c:829, but I hope
 you know better than I do.
 https://github.com/FFmpeg/FFmpeg/blob/master/libavformat/aviobuf.c#L829

 {{{
 ==22106== Thread 4 decoder:
 ==22106== Invalid free() / delete / delete[] / realloc()
 ==22106==    at 0x40074BC: free (vg_replace_malloc.c:473)
 ==22106==    by 0x43468EF: ffio_ensure_seekback (aviobuf.c:829)
 ==22106==    by 0x43CB392: mp3_read_header (mp3dec.c:383)
 ==22106==    by 0x445A9EC: avformat_open_input (utils.c:473)
 ==22106==    by 0x8091CF6: FfmpegOpenInput (FfmpegDecoderPlugin.cxx:72)
 ==22106==    by 0x8091CF6: ffmpeg_decode(Decoder&, InputStream&)
 (FfmpegDecoderPlugin.cxx:605)
 ==22106==    by 0x80772F3: StreamDecode (DecoderPlugin.hxx:132)
 ==22106==    by 0x80772F3: decoder_stream_decode(DecoderPlugin const&,
 Decoder&, InputStream&) (DecoderThread.cxx:150)
 ==22106==    by 0x8077A78: __call<bool, const DecoderPlugin&, 0u, 1u, 2u,
 3u, 4u> (functional:1264)
 ==22106==    by 0x8077A78: operator()<const DecoderPlugin&, bool>
 (functional:1323)
 ==22106==    by 0x8077A78: decoder_plugins_try<std::_Bind<bool
 (*(std::reference_wrapper<Decoder>, std::reference_wrapper<InputStream>,
 char const*, std::_Placeholder<1>,
 std::reference_wrapper<bool>))(Decoder&, InputStream&, char const*, const
 DecoderPlugin&, bool&)> > (DecoderList.hxx:60)
 ==22106==    by 0x8077A78: decoder_run_stream_locked
 (DecoderThread.cxx:247)
 ==22106==    by 0x8077A78: decoder_run_stream (DecoderThread.cxx:284)
 ==22106==    by 0x8077A78: decoder_run_song (DecoderThread.cxx:393)
 ==22106==    by 0x8077A78: decoder_run(DecoderControl&)
 (DecoderThread.cxx:449)
 ==22106==    by 0x8077C45: decoder_task(void*) (DecoderThread.cxx:472)
 ==22106==    by 0x80B144C: Thread::ThreadProc(void*) (Thread.cxx:108)
 ==22106==    by 0x44F861B4: start_thread (pthread_create.c:309)
 ==22106==    by 0x44E5982D: clone (clone.S:129)
 ==22106==  Address 0xaa630bc is on thread 4's stack
 ==22106==  in frame #4, created by ffmpeg_decode(Decoder&, InputStream&)
 (FfmpegDecoderPlugin.cxx:590)
 }}}

--
Ticket URL: <https://trac.ffmpeg.org/ticket/4961#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list