[FFmpeg-trac] #6936(undetermined:new): double free or corruption in remove_decoded_packets()

FFmpeg trac at avcodec.org
Fri Dec 29 00:06:31 EET 2017 

#6936: double free or corruption in remove_decoded_packets()
-------------------------------------+-------------------------------------
             Reporter:  tzimmo       |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:               |                  Version:  git-
  undetermined                       |  master
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
 (gdb) run
 Starting program: /tmp/ffmpeg/bin/ffmpeg -i foobar.vob -fflags +genpts
 -target pal-dvd -vcodec copy -acodec copy -scodec dvbsub -map \#0x1e0 -map
 \#0x80 -map \#0x23 -metadata:s:s:0 language=fin out.vob
 [Thread debugging using libthread_db enabled]
 Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
 ffmpeg version N-84734-g0ecb1c5 Copyright (c) 2000-2017 the FFmpeg
 developers
   built with gcc 4.9.2 (Debian 4.9.2-10)
   configuration: --prefix=/tmp/ffmpeg --enable-static --disable-shared
 --enable-pic --disable-x86asm --disable-stripping --disable-optimizations
   libavutil      56.  0.100 / 56.  0.100
   libavcodec     58.  3.103 / 58.  3.103
   libavformat    58.  2.100 / 58.  2.100
   libavdevice    58.  0.100 / 58.  0.100
   libavfilter     7.  1.100 /  7.  1.100
   libswscale      5.  0.101 /  5.  0.101
   libswresample   3.  0.101 /  3.  0.101
 Input #0, mpeg, from 'foobar.vob':
   Duration: 00:18:32.19, start: 0.287267, bitrate: 8060 kb/s
     Stream #0:0[0x1e0]: Video: mpeg2video (Main), yuv420p(tv, top first),
 720x576 [SAR 64:45 DAR 16:9], 25 fps, 25 tbr, 90k tbn, 50 tbc
     Stream #0:1[0x80]: Audio: ac3, 48000 Hz, 5.1(side), fltp, 384 kb/s
     Stream #0:2[0x21]: Subtitle: dvd_subtitle
     Stream #0:3[0x22]: Subtitle: dvd_subtitle
     Stream #0:4[0x24]: Subtitle: dvd_subtitle
     Stream #0:5[0x26]: Subtitle: dvd_subtitle
     Stream #0:6[0x28]: Subtitle: dvd_subtitle
     Stream #0:7[0x23]: Subtitle: dvd_subtitle
     Stream #0:8[0x20]: Subtitle: dvd_subtitle
     Stream #0:9[0x25]: Subtitle: dvd_subtitle
     Stream #0:10[0x27]: Subtitle: dvd_subtitle
 File 'out.vob' already exists. Overwrite ? [y/N] y
 [dvd @ 0x23f7de0] VBV buffer size not set, using default size of 130KB
 If you want the mpeg file to be compliant to some specification
 Like DVD, VCD or others, make sure you set the correct buffer size
 Output #0, dvd, to 'out.vob':
   Metadata:
     encoder         : Lavf58.2.100
     Stream #0:0: Video: mpeg2video (Main), yuv420p(tv, top first), 720x576
 [SAR
 64:45 DAR 16:9], q=2-31, 6000 kb/s, 25 fps, 25 tbr, 90k tbn, 25 tbc
     Stream #0:1: Audio: ac3, 48000 Hz, 5.1(side), fltp, 448 kb/s
     Stream #0:2(fin): Subtitle: dvb_subtitle (dvbsub), 720x576
     Metadata:
       encoder         : Lavc58.3.103 dvbsub
 Stream mapping:
   Stream #0:0 -> #0:0 (copy)
   Stream #0:1 -> #0:1 (copy)
   Stream #0:7 -> #0:2 (dvd_subtitle (dvdsub) -> dvb_subtitle (dvbsub))
 Press [q] to stop, [?] for help
 [dvd @ 0x23f7de0] Timestamps are unset in a packet for stream 0. This is
 deprecated and will stop working in the future. Fix your code to set the
 timestamps properly
 *** Error in `/tmp/ffmpeg/bin/ffmpeg': double free or corruption
 (fasttop): 0x000000000240be60 ***

 Program received signal SIGABRT, Aborted.
 0x00007ffff5ea5067 in __GI_raise (sig=sig at entry=6)
     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
 56      ../nptl/sysdeps/unix/sysv/linux/raise.c: Tiedostoa tai hakemistoa
 ei ole.
 (gdb) bt
 #0  0x00007ffff5ea5067 in __GI_raise (sig=sig at entry=6)
     at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
 #1  0x00007ffff5ea6448 in __GI_abort () at abort.c:89
 #2  0x00007ffff5ee31b4 in __libc_message (do_abort=do_abort at entry=1,
     fmt=fmt at entry=0x7ffff5fd8210 "*** Error in `%s': %s: 0x%s ***\n")
     at ../sysdeps/posix/libc_fatal.c:175
 #3  0x00007ffff5ee898e in malloc_printerr (action=1,
     str=0x7ffff5fd83f8 "double free or corruption (fasttop)",
     ptr=<optimized out>) at malloc.c:4996
 #4  0x00007ffff5ee9696 in _int_free (av=<optimized out>, p=<optimized
 out>,
     have_lock=0) at malloc.c:3840
 #5  0x000000000149a494 in av_free (ptr=0x240be60) at libavutil/mem.c:223
 #6  0x000000000149a4cc in av_freep (arg=0x7fffffffd600) at
 libavutil/mem.c:233
 #7  0x000000000076b85c in remove_decoded_packets (ctx=0x23f7de0,
 scr=8033041)
     at libavformat/mpegenc.c:954
 #8  0x000000000076bc70 in output_packet (ctx=0x23f7de0, flush=0)
     at libavformat/mpegenc.c:1031
 #9  0x000000000076c501 in mpeg_mux_write_packet (ctx=0x23f7de0,
     pkt=0x7fffffffd870) at libavformat/mpegenc.c:1176
 #10 0x000000000077f713 in write_packet (s=0x23f7de0, pkt=0x7fffffffd870)
     at libavformat/mux.c:754
 #11 0x0000000000781006 in av_interleaved_write_frame (s=0x23f7de0,
 pkt=0x0)
     at libavformat/mux.c:1245
 #12 0x0000000000421615 in write_packet (of=0x2548e20, pkt=0x7fffffffdb50,
     ost=0x255cc60, unqueue=0) at fftools/ffmpeg.c:797
 #13 0x0000000000421897 in output_packet (of=0x2548e20, pkt=0x7fffffffdb50,
     ost=0x255cc60, eof=0) at fftools/ffmpeg.c:868
 #14 0x0000000000426c53 in do_streamcopy (ist=0x25215a0, ost=0x255cc60,
     pkt=0x7fffffffde70) at fftools/ffmpeg.c:2065
 #15 0x00000000004292fa in process_input_packet (ist=0x25215a0,
     pkt=0x7fffffffde70, no_eof=0) at fftools/ffmpeg.c:2734
 #16 0x000000000042f772 in process_input (file_index=0) at
 fftools/ffmpeg.c:4422
 #17 0x000000000042fc80 in transcode_step () at fftools/ffmpeg.c:4542
 #18 0x000000000042fdad in transcode () at fftools/ffmpeg.c:4596
 #19 0x00000000004304ec in main (argc=22, argv=0x7fffffffe948)
     at fftools/ffmpeg.c:4802

--
Ticket URL: <https://trac.ffmpeg.org/ticket/6936>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list